TechSpot

Computer constantly crashes with 100008 driver error

By sumdawgy
Jan 27, 2011
  1. Sister-in-law got hit.
    Not knowing exactly all of the programs she uses, it's hard for me to verify I've cleaned it out as completely as it needs to be. She has a game dear to her heart installed and really didn't want a complete reload...

    I'd set her up with AVG anti-virus (updated to AVG8 last year). The intruder tried to install an anti-virus override... & the computer began to crash regularly... then, when that failed, they seem to have tried to re-program her BIOS... this forced her video to go black w/ ANSI chars... AND it wouldn't restart... this is when she finally involved me... Somewhere along the way, they managed to get & use a LimeWire version in her tmp directory...

    Compounding the issue, she only ran HP's updates, not Microsoft's, in a misguided attempt to be pro-active about safety. Sigh. As it turns out, the intruder tried to get full control... but failed and failed and failed... bad for her & them both... Better for me (able to save her comp w/o a reload)...

    I didn't re-install the BIOS but rather ran a reset of settings, which cleared up the restart issue.

    Need help to verify I've closed all the doors (& windows) left open by the intruder... Besides the LimeWire EXE, I came across a cmdconsole directory in her %user% directory.

    I've saved copies of her mini-dumps for my reference & can post them if you want to see them.

    Most of the repair I'm doing through a third-party remote console (which I suspect also tripped them up in their own efforts). But this makes it hard for me to effectively run GMER without an internet connection. It did complete, & the rootkit/malware it reported all looked good to me. (That said, I am here for advice.)

    I'm posting the required logs in a reply to this post.
     
  2. sumdawgy (TS Rookie, Topic Starter)

    Log run 1

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5623

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/27/2011 3:31:48 PM
    mbam-log-2011-01-27 (15-31-48).txt

    Scan type: Quick scan
    Objects scanned: 163691
    Time elapsed: 11 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-27 15:58:37
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 ST3802110A rev.3.AHL
    Running: h54biglm.exe; Driver: C:\DOCUME~1\CHAS-R~1\LOCALS~1\Temp\kxdyypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by chas-repair at 16:00:43.64 on Thu 01/27/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1366 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\FarStone\GameDrive\vdtask.exe
    C:\WINDOWS\vcdplayx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Documents and Settings\All Users\Documents\repair\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [VirtualDrive] c:\program files\farstone\gamedrive\vdtask.exe /AutoRestore
    mRun: [vcdplayx] "c:\windows\vcdplayx.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {7341C099-0E90-4947-9843-609126B2B89C} = 71.242.0.12,71.252.0.12
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\chas-r~1\applic~1\mozilla\firefox\profiles\7281mo0z.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-27 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-2 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-27 108552]
    R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [2002-11-22 48111]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-27 127768]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-27 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 297752]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-3 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-27 47640]
    S2 gupdate1c9bd1521cc7982;Google Update Service (gupdate1c9bd1521cc7982);c:\program files\google\update\GoogleUpdate.exe [2009-4-14 133104]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-18 30192]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2011-01-27 20:16:24 -------- d-----w- c:\docume~1\chas-r~1\applic~1\Malwarebytes
    2011-01-27 20:16:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-27 20:16:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-27 20:16:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-27 20:16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-26 20:56:24 -------- d-----w- c:\docume~1\chas-r~1\locals~1\applic~1\Mozilla
    2011-01-26 20:38:07 -------- d-----w- c:\docume~1\chas-r~1\locals~1\applic~1\Apple Computer
    2011-01-26 20:37:36 -------- d-----w- c:\docume~1\chas-r~1\locals~1\applic~1\Google
    2011-01-26 20:37:29 -------- d-----w- c:\docume~1\chas-r~1\locals~1\applic~1\LogMeIn
    2011-01-26 20:36:38 -------- d-sh--w- c:\documents and settings\chas-repair\IETldCache

    ==================== Find3M ====================

    2010-12-16 07:33:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-16 07:33:11 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-16 07:33:10 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-12-16 07:33:10 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

    ============= FINISH: 16:02:39.68 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/20/2006 6:58:37 PM
    System Uptime: 1/27/2011 3:33:35 PM (1 hours ago)

    Motherboard: ECS | | Alhena
    Processor: Intel(R) Celeron(R) D CPU 3.33GHz | CPU 1 | 3331/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 67 GiB total, 20.88 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 0.326 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1048: 10/31/2010 5:07:33 AM - System Checkpoint
    RP1049: 11/1/2010 2:22:47 PM - System Checkpoint
    RP1050: 11/2/2010 2:31:14 PM - System Checkpoint
    RP1051: 11/3/2010 3:20:18 PM - System Checkpoint
    RP1052: 11/5/2010 9:09:56 AM - System Checkpoint
    RP1053: 11/6/2010 10:23:59 AM - System Checkpoint
    RP1054: 11/7/2010 9:33:05 AM - System Checkpoint
    RP1055: 11/8/2010 1:19:58 PM - System Checkpoint
    RP1056: 11/9/2010 2:55:58 PM - System Checkpoint
    RP1057: 11/11/2010 1:42:42 AM - System Checkpoint
    RP1058: 11/12/2010 1:48:30 AM - System Checkpoint
    RP1059: 11/12/2010 11:54:02 PM - Software Distribution Service 3.0
    RP1060: 11/14/2010 9:03:01 AM - System Checkpoint
    RP1061: 11/17/2010 6:20:01 AM - System Checkpoint
    RP1062: 11/18/2010 10:09:12 PM - System Checkpoint
    RP1063: 11/21/2010 10:55:06 AM - System Checkpoint
    RP1064: 11/24/2010 4:03:47 AM - System Checkpoint
    RP1065: 11/26/2010 6:26:48 AM - System Checkpoint
    RP1066: 11/29/2010 8:48:00 PM - System Checkpoint
    RP1067: 12/1/2010 7:47:02 AM - System Checkpoint
    RP1068: 12/2/2010 8:38:06 AM - System Checkpoint
    RP1069: 12/4/2010 10:56:34 AM - System Checkpoint
    RP1070: 12/5/2010 11:03:48 AM - System Checkpoint
    RP1071: 12/6/2010 12:39:25 PM - System Checkpoint
    RP1072: 12/8/2010 4:26:35 AM - System Checkpoint
    RP1073: 12/11/2010 5:04:53 AM - System Checkpoint
    RP1074: 12/12/2010 5:39:46 AM - System Checkpoint
    RP1075: 12/13/2010 7:28:06 AM - System Checkpoint
    RP1076: 12/14/2010 3:41:01 PM - System Checkpoint
    RP1077: 12/16/2010 2:45:53 AM - System Checkpoint
    RP1078: 12/17/2010 2:58:58 AM - System Checkpoint
    RP1079: 12/18/2010 3:39:46 AM - System Checkpoint
    RP1080: 12/18/2010 5:01:19 PM - Software Distribution Service 3.0
    RP1081: 12/19/2010 5:10:09 PM - System Checkpoint
    RP1082: 12/21/2010 5:38:07 AM - System Checkpoint
    RP1083: 12/22/2010 1:15:30 PM - System Checkpoint
    RP1084: 12/24/2010 2:50:25 AM - System Checkpoint
    RP1085: 12/25/2010 5:10:45 AM - System Checkpoint
    RP1086: 12/26/2010 6:09:07 AM - System Checkpoint
    RP1087: 12/27/2010 6:21:07 AM - System Checkpoint
    RP1088: 12/28/2010 7:06:22 AM - System Checkpoint
    RP1089: 12/29/2010 7:09:05 AM - System Checkpoint
    RP1090: 12/30/2010 8:09:05 AM - System Checkpoint
    RP1091: 12/31/2010 9:29:44 AM - System Checkpoint
    RP1092: 1/1/2011 10:18:51 AM - System Checkpoint
    RP1093: 1/3/2011 2:10:02 PM - Printer Driver LogMeIn Printer Driver Installed
    RP1094: 1/7/2011 2:45:31 AM - System Checkpoint
    RP1095: 1/8/2011 7:05:07 AM - System Checkpoint
    RP1096: 1/9/2011 7:13:11 AM - System Checkpoint
    RP1097: 1/10/2011 8:13:13 AM - System Checkpoint
    RP1098: 1/11/2011 8:14:18 AM - System Checkpoint
    RP1099: 1/12/2011 9:41:14 AM - System Checkpoint
    RP1100: 1/13/2011 10:14:18 AM - System Checkpoint
    RP1101: 1/13/2011 12:18:42 PM - Software Distribution Service 3.0
    RP1102: 1/14/2011 12:41:26 PM - System Checkpoint
    RP1103: 1/15/2011 1:41:24 PM - System Checkpoint
    RP1104: 1/16/2011 2:42:29 PM - System Checkpoint
    RP1105: 1/17/2011 4:51:05 PM - System Checkpoint
    RP1106: 1/18/2011 6:32:02 PM - System Checkpoint
    RP1107: 1/20/2011 5:38:03 AM - System Checkpoint
    RP1108: 1/21/2011 5:40:21 AM - System Checkpoint
    RP1109: 1/22/2011 10:08:47 AM - System Checkpoint
    RP1110: 1/26/2011 3:42:55 PM - Removed iTunes

    ==== Installed Programs ======================

    2002 Space Out Games
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.6
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    AVG Free 8.5
    Belarc Advisor 7.2
    Boggle
    Bonjour
    BufferChm
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Data Fax SoftModem with SmartCP
    Destinations
    DivX Codec
    DivX Player
    DivX Version Checker
    EA Download Manager
    EA Download Manager UI
    eSupportQFolder
    F300
    F300_Help
    Fax_CDA
    FullDPAppQFolder
    GameDrive
    Google Chrome
    Google Desktop
    Google Earth
    Google Photos Screensaver
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP DVD Play 2.1
    HP Games
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Product Assistant
    HP Solution Center 7.0
    HP Support Overview
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    InstantShareDevicesMFC
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    JumpStart Around the World - Kindergarten
    JumpStart Math for First Graders v1.3
    LogMeIn
    Malwarebytes' Anti-Malware
    MarketResearch
    Masquerade Mysteries - Case of the Copycat Curator
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Monopoly
    Monopoly (remove only)
    Mozilla Firefox (3.5.16)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    MyDSC2
    Mystery P.I. - Stolen in San Francisco
    Netscape Browser (remove only)
    Network Play System (Patching)
    NewCopy_CDA
    OpenOffice.org 2.0
    OptionalContentQFolder
    PC-Doctor 5 for Windows
    PhoTags Express
    PhotoGallery
    Picasa 2
    ProductContextNPI
    Puzzle Quest 2
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    Reader Rabbit 2nd Grade
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    Sandlot Games Client Services
    Scan
    ScannerCopy
    SCRABBLE
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic Express Labeler
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    The Sims 2 Open For Business
    The Sims Livin' Large
    The Sims™ 2 Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Seasons
    The Sims™ 3
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP (remove only)
    VC80CRTRedist - 8.0.50727.762
    Watchtower Library 2006 - English Edition
    Watchtower Library 2007 - English
    Watchtower Library 2008 - English
    Watchtower Library 2009 - English
    Watchtower Library 2010 - English
    WebFldrs XP
    WebReg
    Wedding Dash (R) 4-Ever
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    1/27/2011 6:11:08 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf81fb4a, parameter3 b16c9b4c, parameter4 00000000.
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:14 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    1/27/2011 2:56:14 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/27/2011 2:56:14 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/26/2011 4:39:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/26/2011 4:39:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BANTExt Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 4:39:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 3:44:50 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    1/26/2011 3:39:05 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 e2a05000, parameter3 e2a05408, parameter4 0c810400.
    1/23/2011 4:29:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
    1/23/2011 4:14:29 AM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b1282468, parameter3 b1282164, parameter4 805446dc.
    1/23/2011 2:52:34 PM, error: System Error [1003] - Error code 100000d1, parameter1 cceb7fb2, parameter2 000000ff, parameter3 00000008, parameter4 cceb7fb2.
    1/23/2011 2:50:08 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 e2a408d8, parameter3 e2a40930, parameter4 0c0b0205.
    1/23/2011 1:31:26 AM, error: Service Control Manager [7003] - The TrueVector Internet Monitor service depends on the following nonexistent service: vsdatant
    1/22/2011 10:21:14 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 024aff81, parameter3 b1126d6c, parameter4 00000000.

    ==== End Of File ===========================
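The Event Viewer block above is the most forensically useful part of that log: each System Error [1003] entry carries the bugcheck code and four parameters of one crash, and the run of Service Control Manager 7034/7031 entries at 2:56:14-15 PM on 1/27 is a dozen services dying in the same second. Below is an added example that decodes those lines; it is not one of the tools used in this thread and not the poster's code. SAMPLE_LOG is constructed from lines in the log above, the bugcheck names and parameter meanings come from Microsoft's public bugcheck reference (the 0x1000xxxx codes are the "_M" variants of 0x8E and 0xD1), MODULE_BASES is a constructed handful of load addresses taken from the MBRCheck driver list later in the thread with no module sizes, and the 16 MB attribution window is a heuristic, so "win32k.sys?" means "nearest known base", not a confirmed faulting module.

```python
"""Triage the 'Event Viewer Messages From Past Week' block of an XP log dump.

Added example, not one of the tools used in this thread. It parses lines in
the shape the log above uses, decodes the System Error [1003] bugcheck codes
and clusters SCM 7031/7034 service terminations that land within seconds of
each other. SAMPLE_LOG is constructed from lines in the thread; MODULE_BASES
is a constructed list of load addresses with no sizes, so attribution is a hint.
"""
import re
from bisect import bisect_right
from collections import Counter
from datetime import datetime, timedelta

# Names from Microsoft's bugcheck reference. The 0x1000xxxx forms (1000008e,
# 100000d1) are the "_M" variants and mean the same as the low code.
BUGCHECK_NAMES = {0x19: "BAD_POOL_HEADER", 0x24: "NTFS_FILE_SYSTEM",
                  0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
                  0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
D1_ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}
KERNEL_BASE = 0x80000000   # default 2 GB/2 GB split on 32-bit XP
NEAR = 0x01000000          # heuristic: attribute only within 16 MB of a base
MODULE_BASES = {0x804D7000: "ntkrnlpa.exe", 0xBF000000: "dxg.sys",   # constructed
                0xBF800000: "win32k.sys", 0xBFFA0000: "ATMFD.DLL"}

LINE_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
                     r"(?P<source>[^\[]+) \[(?P<eid>\d+)\] - (?P<msg>.*)$")
BUGCHECK_RE = re.compile(r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8}), "
                         r"parameter2 (?P<p2>[0-9a-f]{8}), parameter3 (?P<p3>[0-9a-f]{8}), "
                         r"parameter4 (?P<p4>[0-9a-f]{8})")
SVC_RE = re.compile(r"The (.+?) service terminated unexpectedly")

SAMPLE_LOG = """\
1/27/2011 6:11:08 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf81fb4a, parameter3 b16c9b4c, parameter4 00000000.
1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
1/27/2011 2:56:15 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
1/27/2011 2:56:14 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/26/2011 3:39:05 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 e2a05000, parameter3 e2a05408, parameter4 0c810400.
1/23/2011 4:29:41 AM, error: atapi [9] - The device, \\Device\\Ide\\IdePort5, did not respond within the timeout period.
1/23/2011 2:52:34 PM, error: System Error [1003] - Error code 100000d1, parameter1 cceb7fb2, parameter2 000000ff, parameter3 00000008, parameter4 cceb7fb2.
1/22/2011 10:21:14 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 024aff81, parameter3 b1126d6c, parameter4 00000000.
"""

def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "source": m["source"], "event_id": int(m["eid"]), "msg": m["msg"]})
    return events

def attribute(addr):
    if addr < KERNEL_BASE:
        return "user-mode range"
    bases = sorted(MODULE_BASES)
    i = bisect_right(bases, addr)
    if i and addr - bases[i - 1] < NEAR:
        return MODULE_BASES[bases[i - 1]] + "?"      # nearest lower base, unverified
    return "no module base within 16 MB"

def decode_bugcheck(msg):
    m = BUGCHECK_RE.search(msg)
    if not m:
        return None
    code, p1, p2, p3, p4 = (int(m[k], 16) for k in ("code", "p1", "p2", "p3", "p4"))
    base = code & 0x0FFFFFFF                                  # drop the _M prefix
    out = {"code": code, "name": BUGCHECK_NAMES.get(base, "UNKNOWN"), "params": (p1, p2, p3, p4)}
    if base == 0x8E:      # p1 = exception code, p2 = address it was raised at
        out.update(exception=NTSTATUS.get(p1, hex(p1)), fault_addr=p2, module=attribute(p2))
    elif base == 0xD1:    # p1 = memory referenced, p2 = IRQL, p3 = access, p4 = referencing address
        out.update(access=D1_ACCESS.get(p3, hex(p3)), irql=p2, fault_addr=p4, module=attribute(p4),
                   jump_into_referenced=(p3 in (2, 8) and p1 == p4))  # executed the address it touched
    return out

def svc_name(msg):
    m = SVC_RE.match(msg)
    return m[1] if m else msg

def service_death_clusters(events, window=timedelta(seconds=2)):
    """Group SCM 7031/7034 events within `window` of the first in the group: many
    services dying in one second is a crash, a hard reboot or a bulk process kill."""
    deaths = sorted((e for e in events if e["source"] == "Service Control Manager"
                     and e["event_id"] in (7031, 7034)), key=lambda e: e["time"])
    clusters, cur = [], []
    for e in deaths:
        if cur and e["time"] - cur[0]["time"] > window:
            clusters.append(cur)
            cur = []
        cur.append(e)
    if cur:
        clusters.append(cur)
    return [(c[0]["time"], [svc_name(e["msg"]) for e in c]) for c in clusters]

def triage(text):
    events = parse_events(text)
    crashes = [d for d in (decode_bugcheck(e["msg"]) for e in events if e["event_id"] == 1003) if d]
    return {"events": len(events), "crashes": crashes,
            "by_name": Counter(c["name"] for c in crashes),
            "service_clusters": service_death_clusters(events)}
```

Run `triage(SAMPLE_LOG)` and the 6:11 AM 8E resolves to an access violation raised just above the win32k.sys base, the 1/23 D1 shows an execute-type access (parameter3 8) at IRQL 0xff from an address no listed module is near, with parameter1 equal to parameter4 (the CPU fetched code from the very address it referenced), and the 1/22 8E faulted at a user-mode address while in kernel mode. None of that names a culprit on its own, but it tells you which minidumps to load in the debugger first, and the 2:56 PM service cluster is something to line up against what was being done to the machine at that moment.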
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    You have Norton's leftovers.
    Please, run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. sumdawgy

    sumdawgy TS Rookie Topic Starter

    Understood. I am running Norton removal tool now.
    Will complete the other 2 asap.

    (Also, the system hasn't crashed since completing the initial steps.
    This system DOES have a restore partition. I am not certain if it is undisturbed.)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very well :)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Reopened....
     
  7. sumdawgy

    sumdawgy TS Rookie Topic Starter

    Sorry for the delay. Needed to get to her computer.

    AFAIK I only had 2 logs to submit...

    I ran the Norton Removal Tool.... then MBRCheck & ComboFiX.
    All ran normally w/o needing safe mode....

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 viaide.sys
    0xBA5AE000 intelide.sys
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F31000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9F11000 fltmgr.sys
    0xB9EFF000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9EE8000 KSecDD.sys
    0xB9ED5000 WudfPf.sys
    0xB9E48000 Ntfs.sys
    0xB9E1B000 NDIS.sys
    0xB9E01000 Mup.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB98EB000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB98D7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA3F8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB98B3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA400000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9890000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA550000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB9868000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9823000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0xB972C000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
    0xB9676000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xBA418000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB9662000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xBA6E8000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\CDAWDM.sys
    0xB964A000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0xBA6E9000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA558000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9633000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9582000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9524000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA568000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA178000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA1A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB43B1000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB438D000 \SystemRoot\system32\drivers\portcls.sys
    0xBA1D8000 \SystemRoot\system32\drivers\drmk.sys
    0xB42A2000 \SystemRoot\system32\DRIVERS\klif.sys
    0xB9A75000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA458000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA5C8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7F5000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5CA000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA460000 \SystemRoot\System32\drivers\vga.sys
    0xBA5CC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA468000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA470000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9A71000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB426F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB4216000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB41D5000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xB41AF000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA53C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB4187000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB4165000 \SystemRoot\System32\drivers\afd.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB413A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB40CA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA228000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA6A4000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xBA478000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB4079000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xB402D000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA258000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB4015000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5F0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB4202000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA380000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA69D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF055000 \SystemRoot\System32\ati2cqag.dll
    0xBF09A000 \SystemRoot\System32\atikvmag.dll
    0xBF0D0000 \SystemRoot\System32\ati3duag.dll
    0xBF362000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB1DD5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB1B50000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB1940000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA5B0000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xB9593000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB1A58000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB16E0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB142D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB12D4000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBF4BA000 \SystemRoot\System32\lmimirr.dll
    0xBF4BF000 \SystemRoot\System32\lmimirr2.dll
    0xB054A000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    456 C:\WINDOWS\system32\smss.exe
    512 csrss.exe
    540 C:\WINDOWS\system32\winlogon.exe
    584 C:\WINDOWS\system32\services.exe
    596 C:\WINDOWS\system32\lsass.exe
    748 C:\WINDOWS\system32\ati2evxx.exe
    764 C:\WINDOWS\system32\svchost.exe
    824 svchost.exe
    892 C:\WINDOWS\system32\svchost.exe
    936 C:\WINDOWS\system32\svchost.exe
    1108 svchost.exe
    1176 svchost.exe
    1304 C:\WINDOWS\system32\spoolsv.exe
    1432 svchost.exe
    1468 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1488 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    1504 C:\Program Files\Bonjour\mDNSResponder.exe
    1680 C:\Program Files\Java\jre6\bin\jqs.exe
    1712 C:\Program Files\Google\Update\GoogleUpdate.exe
    1744 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    1868 C:\Program Files\LogMeIn\x86\ramaint.exe
    1980 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    224 C:\Program Files\AVG\AVG8\avgrsx.exe
    340 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    784 C:\WINDOWS\system32\svchost.exe
    972 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1344 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    2180 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    2572 alg.exe
    2996 C:\WINDOWS\system32\svchost.exe
    3536 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    3824 C:\WINDOWS\system32\ati2evxx.exe
    3976 C:\WINDOWS\explorer.exe
    1768 C:\WINDOWS\RTHDCPL.EXE
    1932 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2080 C:\Program Files\FarStone\GameDrive\vdtask.exe
    2092 C:\WINDOWS\vcdplayx.exe
    2136 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    2144 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2388 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2532 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2592 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    2604 C:\Program Files\Messenger\msmsgs.exe
    2728 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2744 C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    2852 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2900 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    1864 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    3288 C:\WINDOWS\system\hpsysdrv.exe
    4088 C:\Documents and Settings\All Users\Documents\repair\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`dd45cc00 (FAT32)

    PhysicalDrive0 Model Number: ST3802110A, Rev: 3.AHL

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    ComboFix 11-01-28.01 - HP_Owner 01/28/2011 18:48:19.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1490 [GMT -5:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\HP_Owner\Desktop\Translator.url
    c:\documents and settings\HP_Owner\Favorites\Download programs.url
    c:\documents and settings\HP_Owner\Favorites\Games.url
    c:\documents and settings\HP_Owner\Favorites\Translator.url
    c:\documents and settings\HP_Owner\Favorites\Videos.url
    c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
    c:\documents and settings\HP_Owner\Start Menu\Programs\Download programs.url
    c:\documents and settings\HP_Owner\Start Menu\Programs\Games.url
    c:\documents and settings\HP_Owner\Start Menu\Programs\Translator.url
    c:\documents and settings\HP_Owner\Start Menu\Programs\Videos.url
    c:\program files\Internet Explorer\SET296.tmp
    c:\program files\Internet Explorer\SET297.tmp
    c:\program files\Internet Explorer\SET299.tmp
    c:\program files\Internet Explorer\SET2FD.tmp
    c:\program files\Internet Explorer\SET2FE.tmp
    c:\program files\Internet Explorer\SET2FF.tmp
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000011_.tmp.dll
    c:\windows\system32\_000012_.tmp.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-27 21:24 . 2011-01-27 21:24 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2011-01-27 20:16 . 2011-01-27 20:16 -------- d-----w- c:\documents and settings\chas-repair\Application Data\Malwarebytes
    2011-01-27 20:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-27 20:16 . 2011-01-27 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-27 20:16 . 2011-01-27 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-27 20:16 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 21:38 . 2011-01-26 21:38 -------- d-----w- c:\documents and settings\Administrator
    2011-01-26 20:56 . 2011-01-26 20:56 -------- d-----w- c:\documents and settings\chas-repair\Local Settings\Application Data\Mozilla
    2011-01-26 20:38 . 2011-01-26 20:38 -------- d-----w- c:\documents and settings\chas-repair\Application Data\HP
    2011-01-26 20:38 . 2011-01-26 20:43 -------- d-----w- c:\documents and settings\chas-repair\Application Data\Apple Computer
    2011-01-26 20:38 . 2011-01-26 20:43 -------- d-----w- c:\documents and settings\chas-repair\Local Settings\Application Data\Apple Computer
    2011-01-26 20:37 . 2011-01-26 20:37 -------- d-----w- c:\documents and settings\chas-repair\Local Settings\Application Data\Google
    2011-01-26 20:37 . 2011-01-26 20:37 -------- d-----w- c:\documents and settings\chas-repair\Local Settings\Application Data\LogMeIn
    2011-01-26 20:36 . 2011-01-26 20:36 -------- d-sh--w- c:\documents and settings\chas-repair\IETldCache
    2011-01-02 04:45 . 2011-01-02 04:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-16 07:33 . 2008-07-27 20:06 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-16 07:33 . 2008-07-27 20:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-16 07:33 . 2008-07-27 20:06 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-16 07:33 . 2008-07-27 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-11-18 18:12 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2004-08-04 04:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 04:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-09-19 00:03 . 2010-09-19 00:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "VirtualDrive"="c:\program files\FarStone\GameDrive\vdtask.exe" [2002-11-22 86016]
    "vcdplayx"="c:\windows\vcdplayx.exe" [2002-06-10 57344]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-13 185896]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-19 30192]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-12-13 27136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-12-13 36903]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-16 07:33 87424 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [11/22/2002 5:58 PM 48111]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/3/2011 2:08 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 2:31 PM 12856]
    S2 gupdate1c9bd1521cc7982;Google Update Service (gupdate1c9bd1521cc7982);c:\program files\Google\Update\GoogleUpdate.exe [4/14/2009 10:24 AM 133104]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/18/2010 7:02 PM 30192]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 15:23]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 15:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {7341C099-0E90-4947-9843-609126B2B89C} = 71.242.0.12,71.252.0.12
    FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\va3c4vwp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.toggle.com/index.php?rvs=hompag
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKLM-Run-PCDrProfiler - (no file)
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-28 19:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(536)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'explorer.exe'(3716)
    c:\windows\system32\WININET.dll
    c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .


    Completion time: 2011-01-28 19:10:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-29 00:10

    Pre-Run: 22,602,944,512 bytes free
    Post-Run: 22,581,080,064 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - C43D35B5EFC7D44A6CAC41D7AB8236D6
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We need to double check your MBR.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. sumdawgy

    sumdawgy TS Rookie Topic Starter

    OK, Bootkit Remover says:
    (There was also a debug log file that I wouldn't include unless instructed.)

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 74c9b8a519aa05c22f46e134715d1f6f

    Size    Device Name           MBR Status
    --------------------------------------------
    74 GB   \\.\PhysicalDrive0    Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We need to fix it.

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
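    The two posts above hinge on what "Unknown boot code" means and on what fixmbr actually changes. Bootkit Remover hashes the bootstrap code in the first 446 bytes of the MBR and reports it as unknown when the hash is not on its allowlist; fixmbr rewrites only that bootstrap region and leaves the partition table and the 0x55AA signature alone, which is why it is safe to run on a disk whose partitions are intact. The Python below is an added example written for this page, not code from the thread, from eSage Lab's tool or from Microsoft. It parses a 512-byte MBR image, hashes the boot code and the whole sector, classifies the boot code against an allowlist, and performs a fixmbr-style rewrite. All sample bytes are constructed: the "clean" and "hooked" boot code are placeholders, not real Windows or bootkit code, and the allowlist is derived from the constructed clean sample rather than from real Windows hashes. read_mbr() assumes the file written by `remover.exe dump <device> <file>` is a raw sector with no header; that is an assumption about the tool, not something the thread states.

```python
import hashlib
import struct

# MBR layout constants (standard PC/BIOS master boot record).
SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code, the region fixmbr rewrites
PART_TABLE_OFF = 446         # bytes 446..509: four 16-byte partition entries
SIGNATURE_OFF = 510          # bytes 510..511: 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code and (active, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 446 bytes")
    img = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    table = bytearray()
    for active, ptype, lba_start, sectors in partitions:
        # CHS fields filled with 0xFF (LBA-only entry), as modern partitioning tools do.
        table += struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xff" * 3,
                             ptype, b"\xff" * 3, lba_start, sectors)
    img += table.ljust(64, b"\x00")
    img += b"\x55\xaa"
    return bytes(img)


def parse_mbr(img: bytes) -> dict:
    """Split an MBR image into hashes, signature check and the non-empty partition entries."""
    if len(img) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, img[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": img[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_md5": hashlib.md5(img[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(img).hexdigest(),
        "partitions": partitions,
    }


def classify_boot_code(img: bytes, known_md5s) -> str:
    """Report the boot code the way Bootkit Remover does: OK only if its hash is on the allowlist."""
    info = parse_mbr(img)
    if not info["signature_ok"]:
        return "Invalid (missing 0x55AA signature)"
    return "OK" if info["boot_code_md5"] in known_md5s else "Unknown boot code"


def rewrite_boot_code(img: bytes, clean_code: bytes) -> bytes:
    """fixmbr-style repair: replace the 446-byte bootstrap, keep partition table and signature as-is."""
    parse_mbr(img)  # validates the size before anything is touched
    return clean_code.ljust(BOOT_CODE_LEN, b"\x00") + img[BOOT_CODE_LEN:]


def read_mbr(path: str) -> bytes:
    """Load the first 512 bytes of a dump file (assumption: raw sector, no header)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed sample data: placeholder bytes, not real Windows or bootkit code.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CONSTRUCTED-CLEAN-BOOTSTRAP"
HOOKED_CODE = b"\xeb\x3c\x90" + b"CONSTRUCTED-BOOTKIT-HOOK"
SAMPLE_PARTS = [(True, 0x07, 63, 155189185)]   # one active NTFS partition, roughly 74 GB
KNOWN_GOOD = {hashlib.md5(CLEAN_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}  # constructed allowlist

CLEAN_MBR = build_sample_mbr(CLEAN_CODE, SAMPLE_PARTS)
HOOKED_MBR = build_sample_mbr(HOOKED_CODE, SAMPLE_PARTS)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("hooked", HOOKED_MBR)):
        info = parse_mbr(img)
        print(f"{name}: sector md5 {info['sector_md5']}, boot code: {classify_boot_code(img, KNOWN_GOOD)}")
    fixed = rewrite_boot_code(HOOKED_MBR, CLEAN_CODE)
    print("after fixmbr-style rewrite:", classify_boot_code(fixed, KNOWN_GOOD),
          "| partitions unchanged:", parse_mbr(fixed)["partitions"] == parse_mbr(HOOKED_MBR)["partitions"])
```

    Two things to keep in mind when reading the Bootkit Remover output against this. The "Boot sector MD5" line it prints is for the system volume's boot sector at offset 0x7e00 (sector 63 on this disk), which is a different sector from the MBR at sector 0 that the "Unknown boot code" verdict refers to; hashing both, as parse_mbr() does for its input, is the right habit. And because a rewrite only touches the first 446 bytes, the partition table check after repair (the last assertion in the usage above) is the evidence that fixmbr did not cost any data.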
     
  11. sumdawgy

    sumdawgy TS Rookie Topic Starter

    Sorry for the delay.

    This step requires that I again get physical access to the computer...
    I am working on it... She's a very private person, so I can't just drop in on her.


    But I am working on it.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    No problem :)
     
Topic Status:
Not open for further replies.
