TechSpot

Help with removal of rootkits

By iturkington
Nov 13, 2010
  1. A recent anti-rootkit scan detected the following...

    "Object name";"C:\WINDOWS\system32\drivers\prosync1.sys"
    "Detection name";"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys +0x661"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prodrv06 IRP_MJ_CLOSE -> 0xE1EA18A0"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prodrv06 IRP_MJ_DEVICE_CONTROL -> 0xE1EA18A0"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prohlp02 IRP_MJ_CREATE -> 0x79C9261F"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prohlp02 IRP_MJ_CLOSE -> 0x79C9261F"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prohlp02 IRP_MJ_DEVICE_CONTROL -> 0x79C9261F"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    "Object name";"<unknown>"
    "Detection name";"IRP hook, \Driver\prodrv06 IRP_MJ_CREATE -> 0xE1EA18A0"
    "Object type";"file"
    "SDK Type";"Rootkit"
    "Result";"Object is hidden"

    ---

    Are these malicious?
    And if so, any advice on how I can remove them?

    Other info...
    The PC is Windows XP Home Edition Service Pack 3 (build 2600)
    The virus scanner is AVG 10.0.1153 (release date: 12 Nov 2010 10:40)

    Thanks,
    Ian
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It is not a good idea to run these powerful programs without guidance. I can't take random results from an unknown program and make a determination.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. iturkington

    iturkington TS Rookie Topic Starter Posts: 18

    Update and logs after 8-step plan

    Hi & thanks.

    I've been through the 8-step plan as instructed.

    I'll tell you what happened, and paste the log files below.

    Step 1 - I'm already using AVG (2011 v10.0.1153), so I didn't change anything.

    Step 2 - TFC - Carried out as instructed

    Step 3 - Anti-Malware - Downloaded and ran. The scan was clean. Log pasted below.

    Step 4 - GMER - When I double-clicked GMER in normal mode the PC immediately re-booted. I re-booted in safe-mode, and ran GMER. The initial automatic scan completed, but the log file created when clicking SAVE was empty. I tried clicking on SCAN to run another scan and the SCAN (and the PC) got "stuck" for about an hour before I restarted the PC.

    Step 5 - DDS - Worked as instructed. Logs pasted below.

    Step 6 - This post!

    ----------
    LOG FILES
    ----------

    ----------
    Malwarebytes Anti-Malware Log
    ----------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5111

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    14/11/2010 11:57:02
    mbam-log-2010-11-14 (11-57-02).txt

    Scan type: Quick scan
    Objects scanned: 184859
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------
    GMER LOG
    ----------
    Log file was empty.

    ----------
    DDS LOG FILE
    ----------

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Ian at 18:01:56.14 on 14/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1076 [GMT 0:00]

    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Ian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Ian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Documents and Settings\Ian\My Documents\Downloads\8 steps\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.northernbank.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
    uRun: [Google Update] "c:\documents and settings\ian\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ZumoCast] c:\program files\zecter\zumocast\ZumoLauncher.lnk
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [OneTouch Monitor] "c:\program files\xerox one touch\OneTouchMon.exe"
    mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
    mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: bt.com\www.mybt
    Trusted Zone: motive.com\pbttbc.bt
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/36.21/uploader2.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
    DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://www.mybt.bt.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol024.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ian\applic~1\mozilla\firefox\profiles\u7ntw4e6.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.ticketmaster.ie/search?tm_link=tm_homeA_header_search&q=u2&search.x=0&search.y=0|http://www.google.co.uk/
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\ian\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\ian\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\ian\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R1 NEOFLTR_550_12491;Juniper Networks TDI Filter Driver (NEOFLTR_550_12491);c:\windows\system32\drivers\NEOFLTR_550_12491.sys [2007-12-26 64144]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-14 54752]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-8-4 233472]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-8-4 36608]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
    S2 VaultClientSRV;BT Auto Backup Service;c:\program files\bt auto backup\vaultclientsrv.exe --> c:\program files\bt auto backup\VaultClientSRV.exe [?]
    S2 VaultClientUpgrade;BT Auto Backup Upgrade Service;c:\program files\bt auto backup\vaultclientupgrade.exe --> c:\program files\bt auto backup\VaultClientUpgrade.exe [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-17 517448]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-11-13 11:25:10 -------- d-----r- c:\program files\Skype
    2010-11-01 10:43:10 -------- d-----w- c:\docume~1\ian\locals~1\applic~1\AVG Security Toolbar
    2010-10-30 20:38:35 -------- d-----w- c:\docume~1\ian\applic~1\ZumoCast
    2010-10-30 20:38:00 -------- d-----w- c:\program files\Zecter
    2010-10-17 22:46:08 -------- d-----w- c:\program files\iPod
    2010-10-17 22:46:05 -------- d-----w- c:\program files\iTunes
    2010-10-17 22:42:41 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-10-17 22:42:41 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-10-17 22:42:07 -------- d-----w- c:\program files\Bonjour
    2010-10-17 19:55:28 -------- d-----w- c:\docume~1\ian\applic~1\AVG
    2010-10-17 17:11:08 -------- d-----w- c:\docume~1\ian\applic~1\AVG10
    2010-10-17 17:09:53 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-10-17 17:09:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-10-17 17:08:01 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-10-17 17:08:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-10-17 16:44:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

    ==================== Find3M ====================

    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 22:39:14 2826240 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 18:04:09.57 ===============


    ----------
    DDS ATTACH FILE
    ----------


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 24/11/2004 20:17:37
    System Uptime: 14/11/2010 17:55:54 (1 hours ago)

    Motherboard: Hewlett-Packard | | Snapper
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 10.93 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 1.188 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 149 GiB total, 13.535 GiB free.
    G: is FIXED (NTFS) - 37 GiB total, 24.351 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1462: 06/09/2010 15:00:29 - System Checkpoint
    RP1463: 08/09/2010 08:21:18 - Software Distribution Service 3.0
    RP1464: 09/09/2010 14:33:25 - System Checkpoint
    RP1465: 10/09/2010 16:47:53 - System Checkpoint
    RP1466: 11/09/2010 20:01:05 - System Checkpoint
    RP1467: 13/09/2010 09:30:01 - System Checkpoint
    RP1468: 14/09/2010 10:14:37 - System Checkpoint
    RP1469: 15/09/2010 18:32:04 - System Checkpoint
    RP1470: 16/09/2010 08:31:55 - Software Distribution Service 3.0
    RP1471: 17/09/2010 08:40:17 - System Checkpoint
    RP1472: 18/09/2010 17:15:53 - System Checkpoint
    RP1473: 20/09/2010 14:26:34 - System Checkpoint
    RP1474: 21/09/2010 18:13:39 - System Checkpoint
    RP1475: 22/09/2010 18:56:50 - System Checkpoint
    RP1476: 24/09/2010 08:29:27 - Avg Update
    RP1477: 24/09/2010 08:31:33 - Avg Update
    RP1478: 25/09/2010 10:15:21 - System Checkpoint
    RP1479: 26/09/2010 21:44:30 - System Checkpoint
    RP1480: 28/09/2010 17:40:10 - System Checkpoint
    RP1481: 29/09/2010 18:42:56 - System Checkpoint
    RP1482: 29/09/2010 21:42:15 - Software Distribution Service 3.0
    RP1483: 01/10/2010 15:28:11 - System Checkpoint
    RP1484: 02/10/2010 16:00:19 - System Checkpoint
    RP1485: 03/10/2010 21:00:16 - System Checkpoint
    RP1486: 04/10/2010 21:00:31 - System Checkpoint
    RP1487: 05/10/2010 09:50:45 - Avg Update
    RP1488: 06/10/2010 16:55:25 - System Checkpoint
    RP1489: 07/10/2010 18:35:19 - System Checkpoint
    RP1490: 08/10/2010 03:00:23 - Software Distribution Service 3.0
    RP1491: 08/10/2010 08:26:02 - Installed iTunes
    RP1492: 09/10/2010 11:17:52 - System Checkpoint
    RP1493: 10/10/2010 17:59:59 - System Checkpoint
    RP1494: 11/10/2010 18:26:22 - System Checkpoint
    RP1495: 13/10/2010 07:58:24 - System Checkpoint
    RP1496: 13/10/2010 19:10:02 - Software Distribution Service 3.0
    RP1497: 15/10/2010 07:36:34 - System Checkpoint
    RP1498: 16/10/2010 17:43:01 - System Checkpoint
    RP1499: 17/10/2010 17:50:55 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP1500: 17/10/2010 17:51:12 - Installed AVG 2011
    RP1501: 17/10/2010 17:52:26 - Removed AVG Free 9.0
    RP1502: 17/10/2010 18:07:46 - Installed AVG 2011
    RP1503: 17/10/2010 18:49:07 - Removed iTunes
    RP1504: 17/10/2010 18:54:18 - Removed QuickTime
    RP1505: 17/10/2010 20:07:16 - Removed Apple Software Update
    RP1506: 17/10/2010 20:08:16 - Removed Apple Mobile Device Support
    RP1507: 17/10/2010 20:09:19 - Removed Bonjour
    RP1508: 17/10/2010 20:10:08 - Removed Apple Application Support
    RP1509: 17/10/2010 20:33:24 - Removed Colormailer Photobooks
    RP1510: 17/10/2010 20:34:55 - Removed ColorMailer Photos and Posters
    RP1511: 17/10/2010 20:36:07 - Removed Colormailer Photobooks
    RP1512: 17/10/2010 20:36:48 - Removed Colormailer Photo Service
    RP1513: 17/10/2010 20:38:26 - Removed Dinosaur Hunter
    RP1514: 17/10/2010 20:41:25 - Removed Zoo Vet
    RP1515: 17/10/2010 23:45:25 - Installed iTunes
    RP1516: 19/10/2010 10:53:05 - System Checkpoint
    RP1517: 20/10/2010 12:52:41 - System Checkpoint
    RP1518: 21/10/2010 21:14:45 - System Checkpoint
    RP1519: 23/10/2010 21:13:36 - System Checkpoint
    RP1520: 25/10/2010 13:40:17 - System Checkpoint
    RP1521: 26/10/2010 15:37:02 - System Checkpoint
    RP1522: 27/10/2010 16:31:07 - System Checkpoint
    RP1523: 28/10/2010 16:43:19 - System Checkpoint
    RP1524: 29/10/2010 17:46:53 - System Checkpoint
    RP1525: 31/10/2010 12:11:01 - System Checkpoint
    RP1526: 01/11/2010 15:58:57 - System Checkpoint
    RP1527: 02/11/2010 16:48:57 - System Checkpoint
    RP1528: 04/11/2010 10:07:06 - System Checkpoint
    RP1529: 05/11/2010 13:41:21 - System Checkpoint
    RP1530: 09/11/2010 20:49:23 - System Checkpoint
    RP1531: 10/11/2010 13:45:23 - Software Distribution Service 3.0
    RP1532: 13/11/2010 10:41:02 - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 6.0
    Adobe Reader 9.4.0
    Age of Dinosaurs 3D 7.9
    Agere Systems PCI Soft Modem
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Animals of Africa
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    AVG PC Tuneup 2011
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Belarc Advisor 6.1
    Bonjour
    BT Broadband Desktop Help
    BT Home Hub
    BT Wireless Connection Manager
    BT Yahoo! Applications
    CameraDrivers
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon EOS-1Ds Mark II WIA Driver
    Canon EOS 5D WIA Driver
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.0
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities WFT-E1/E2 Utility
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Copy
    Creation Station Special Edition
    CreativeProjects
    Cucusoft DVD to iPod Converter 3.20
    Cucusoft DVD to PSP Converter 3.06
    Dinosaur Hunter 2.0
    Director
    DocProc
    Drone
    EOCP Drivers 0.9.311007
    Facebook Plug-In
    Fax
    Flickr Uploadr 2.5.0.15
    Free Audio CD Burner version 1.2
    Free YouTube to MP3 Converter version 3.2
    Garmin City Navigator Europe NT v9
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    HP Deskjet 3740
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 3.5
    HP Image Zone Plus 3.5
    HP Pavilion PC Help
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 3.5
    HP Software Update
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ350
    HPIZFix3
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    InterActual Player
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    IPIX Viewer
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Jigsaw Dinosaur Puzzle 1.21
    Juniper Networks Secure Application Manager
    Junk Mail filter update
    LEGO Creator Knights' Kingdom
    LEGO Island
    LEGO Racers 2
    LEGO Star Wars Demo Disc
    LiveUpdate 3.0 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Mashed
    Media eLinker
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard - WE 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft Money System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 97, Professional Edition
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2005
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook 2002
    Microsoft Picture It! Photo Standard 9
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Journal Viewer
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Microsoft Zoo Tycoon
    MobileMe Control Panel
    Moon Tycoon
    Mozilla Firefox (3.0.19)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My DSC
    NVIDIA Drivers
    OpenOffice.org 3.0
    Origami Craft Studio
    Outlaw Racers
    Overland
    Paint Shop Pro 6.0 (ESD)
    Paint.NET v2.5
    PaperPort 8.0 SE
    PC-Doctor for Windows
    PC Connectivity Solution
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picasa 3
    PrintMaster Gold 4.02
    PrintScreen
    PS2
    PSP Video 9 1.74
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    QuickTime
    Readme
    ReadPlease 2003/ReadPlease PLUS 2003
    RealPlayer
    RecordNow!
    Safari
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    SAMSUNG SYMBIAN USB Download Driver
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    SAPI5SpeechInstaller
    saver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Segoe UI
    Shockwave
    SigmaTel MSCN Audio Player
    SimCity 3000
    SkinsHP1
    SkinsHP2
    Skype Toolbars
    Skype™ 5.0
    Snapshot Viewer
    Spotify
    TextBridge Pro 9.0
    The Sims 2
    The Sims 2 Pets
    TrayApp
    Ulead Photo Express 3.0 SE
    Uninstall 1.0.0.1
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    VoiceOver Kit
    WebFldrs XP
    WebReg
    Windows Backup Utility
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Worms Forts Under Siege
    Xerox One Touch
    Yahoo! Photos Easy Upload Tool 1v6
    ZIP Reader 8.00.0018
    ZumoCast

    ==== Event Viewer Messages From Past Week ========

    14/11/2010 17:58:17, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89f12000, parameter3 89f12828, parameter4 1b050000.
    14/11/2010 17:04:51, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    14/11/2010 17:04:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    14/11/2010 17:04:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    14/11/2010 17:00:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix BANTExt eeCtrl Fips intelppm IPSec MRxSmb NEOFLTR_550_12491 NetBIOS NetBT prodrv06 prosync1 RasAcd Rdbss Tcpip
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 17:00:46, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/11/2010 16:55:51, error: System Error [1003] - Error code 100000c5, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 805515a1.
    14/11/2010 16:49:48, error: System Error [1003] - Error code 100000c5, parameter1 00000482, parameter2 00000002, parameter3 00000001, parameter4 805515a1.
    14/11/2010 11:17:09, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:17:04, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:17:03, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:17:00, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:16:56, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:16:55, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:16:53, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:16:51, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    14/11/2010 11:16:51, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/11/2010 10:00:01, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SELINA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6D8D97E1-F02A-4E52. The master browser is stopping or an election is being forced.
    13/11/2010 16:26:32, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JOE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6D8D97E1-F02A-4E52-B4. The master browser is stopping or an election is being forced.
    13/11/2010 12:28:04, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prosync1
    12/11/2010 15:02:34, error: Service Control Manager [7000] - The BT Auto Backup Upgrade Service service failed to start due to the following error: The system cannot find the file specified.
    12/11/2010 15:02:34, error: Service Control Manager [7000] - The BT Auto Backup Service service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================


    ----------
    END (& thanks)
    ----------
     
  4. iturkington

    iturkington TS Rookie Topic Starter Posts: 18

    Bobbye,
    I wasn't sure how the forum operated, or if I was supposed to post the logs here or as a new thread. To be sure, I have created a new thread, so I will close this one.
    The new thread is "Rootkit removal help required - logs attached"
    Thanks,
    Ian
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All logs and comments should be made in the original log. You do not close a thread; that's my job. The problem is you've got logs spread out over 2 threads. I'm going to close your second thread on http://www.techspot.com/vb/topic156656.html

    All logs and comments about this problem will be handled here, on this thread.

    When you're not sure, you ask first, before doing something!
     
Topic Status:
Not open for further replies.

