Hello everyone!
I think I've contracted a virus or some form of malware on my PC. I left the PC on overnight, and when I woke up, the wireless connection was disconnected. I rebooted and the Windows Activation window popped up (Windows XP Home). Shortly after bootup, I realized that one of the svchost processes was going out of control. Memory usage would gradually increase to over 500,000 K before I'd end the process. A virus scan with Norton AntiVirus produced no results; however, it did keep blocking attacks called Malicious Toolkit Website 9.
I've followed the steps in the sticky, and appreciate any help you kind folks can offer. Thanks so much.
Below are the logs:
MBAM Log
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.10.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jeff :: PROJECT [administrator]
1/10/2012 10:55:29 AM
mbam-log-2012-01-10 (10-55-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220950
Time elapsed: 44 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------------------------
GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-10 11:58:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: k0yp574g.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\uwldapow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-11 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 8A49F2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-19 8A49F2C6
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------------------------
DDS Log: dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Jeff at 12:08:15 on 2012-01-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1783 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309924587859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{8ECCA8B3-18EF-4F4F-A1F6-F25821F05B4E} : DhcpNameServer = 68.94.156.1 68.94.157.1
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\dldhuz2k.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-6-25 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-6-25 744568]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-29 17920]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-6-25 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-6-25 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-11 2253120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20120107.001\IDSXpx86.sys [2012-1-10 356280]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120110.002\NAVENG.SYS [2012-1-10 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20120110.002\NAVEX15.SYS [2012-1-10 1576312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-11-11 119656]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-4-17 603648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-10 16:53:53 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-01-10 16:53:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-10 16:53:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 16:53:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-10 15:42:05 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-10 13:02:55 -------- d-----w- c:\program files\AVG
2012-01-10 12:47:30 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-10 12:47:13 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-10 12:17:19 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Symantec
2012-01-10 12:14:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-10 12:14:38 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-10 10:01:37 -------- d-----w- c:\documents and settings\jeff\local settings\application data\NPE
2012-01-10 09:53:18 -------- d-----w- c:\documents and settings\jeff\application data\Tific
2011-12-14 15:53:49 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Auralog
2011-12-14 15:52:32 -------- d-----w- c:\program files\Auralog
2011-12-14 15:22:02 -------- d-sh--w- c:\documents and settings\jeff\IECompatCache
2011-12-14 15:19:04 -------- d-sh--w- c:\documents and settings\jeff\PrivacIE
2011-12-14 15:16:35 -------- d-sh--w- c:\documents and settings\jeff\IETldCache
2011-12-14 15:01:16 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-12-14 15:00:56 -------- d-----w- c:\windows\ie8updates
2011-12-14 15:00:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-14 15:00:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-14 15:00:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-14 15:00:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-14 15:00:16 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-14 15:00:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-14 15:00:16 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-12-14 14:58:54 -------- dc-h--w- c:\windows\ie8
2011-12-14 14:46:09 -------- d-----w- c:\documents and settings\all users\application data\Auralog
2011-12-13 12:14:23 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-01-10 15:43:24 26112 ----a-w- c:\windows\system32\userinit.exe
2012-01-10 09:46:58 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-10 09:46:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-09 18:16:19 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 11:02:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000AACS-00ZUB0 rev.01.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4A249F]<<
c:\windows\system32\drivers\xfilt.sys VIA Technologies,Inc VIA filter driver
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4a9738]; MOV EAX, [0x8a4a98ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A568AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A56B9A0]
5 xfilt[0xF7648046] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000074[0x8A56C968]
7 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5A8D98]
\Driver\atapi[0x8A4FFA70] -> IRP_MJ_CREATE -> 0x8A4A249F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4A22C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:10:10.85 ===============
--------------------------------------------------------------------------
DDS Log: Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2008 10:51:21 PM
System Uptime: 1/10/2012 12:06:40 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7253
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 270.279 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Compatable Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_72531462&REV_7C\3&2411E6FE&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Compatable Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_72531462&REV_7C\3&2411E6FE&0&90
Service: FETNDIS
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4500,10.0.0.220
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP397: 10/12/2011 12:16:39 PM - System Checkpoint
RP398: 10/13/2011 1:07:46 PM - System Checkpoint
RP399: 10/15/2011 2:48:50 PM - System Checkpoint
RP400: 10/16/2011 3:06:21 PM - System Checkpoint
RP401: 10/17/2011 3:30:14 PM - System Checkpoint
RP402: 11/4/2011 5:30:35 PM - System Checkpoint
RP403: 11/6/2011 11:13:47 AM - System Checkpoint
RP404: 11/7/2011 12:50:04 PM - System Checkpoint
RP405: 11/8/2011 1:34:10 PM - System Checkpoint
RP406: 11/9/2011 2:30:03 PM - System Checkpoint
RP407: 11/10/2011 1:49:32 PM - Installed DirectX
RP408: 11/10/2011 1:49:44 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP409: 11/11/2011 2:39:07 PM - System Checkpoint
RP410: 11/11/2011 9:12:44 PM - Update to an unsigned driver
RP411: 11/11/2011 9:19:49 PM - Update to an unsigned driver
RP412: 11/11/2011 9:27:07 PM - Installed DirectX
RP413: 11/12/2011 10:55:20 PM - System Checkpoint
RP414: 11/14/2011 1:00:47 AM - System Checkpoint
RP415: 11/15/2011 1:12:28 AM - System Checkpoint
RP416: 11/16/2011 11:39:42 AM - System Checkpoint
RP417: 11/17/2011 12:05:49 PM - System Checkpoint
RP418: 11/18/2011 1:35:16 PM - System Checkpoint
RP419: 11/19/2011 1:44:35 PM - System Checkpoint
RP420: 11/20/2011 1:48:09 PM - System Checkpoint
RP421: 11/21/2011 5:30:17 PM - System Checkpoint
RP422: 11/22/2011 6:20:49 PM - System Checkpoint
RP423: 11/23/2011 9:18:37 PM - System Checkpoint
RP424: 11/24/2011 11:17:08 PM - System Checkpoint
RP425: 11/26/2011 5:19:23 PM - System Checkpoint
RP426: 11/27/2011 8:13:14 PM - System Checkpoint
RP427: 11/28/2011 10:31:46 PM - System Checkpoint
RP428: 11/29/2011 11:13:12 PM - System Checkpoint
RP429: 12/1/2011 4:25:20 AM - System Checkpoint
RP430: 12/2/2011 6:13:18 AM - System Checkpoint
RP431: 12/3/2011 10:08:09 AM - System Checkpoint
RP432: 12/4/2011 11:26:46 AM - System Checkpoint
RP433: 12/5/2011 12:00:18 PM - System Checkpoint
RP434: 12/6/2011 1:20:28 PM - System Checkpoint
RP435: 12/7/2011 1:24:56 PM - System Checkpoint
RP436: 12/9/2011 11:40:08 AM - System Checkpoint
RP437: 12/10/2011 2:08:23 PM - System Checkpoint
RP438: 12/12/2011 12:05:57 AM - System Checkpoint
RP439: 12/13/2011 3:33:22 AM - System Checkpoint
RP440: 12/14/2011 5:19:56 AM - System Checkpoint
RP441: 12/14/2011 8:53:44 AM - Software Distribution Service 3.0
RP442: 12/14/2011 9:26:26 AM - Software Distribution Service 3.0
RP443: 12/14/2011 9:32:39 AM - Software Distribution Service 3.0
RP444: 12/16/2011 4:18:15 PM - System Checkpoint
RP445: 12/17/2011 4:59:51 PM - System Checkpoint
RP446: 12/19/2011 3:28:12 AM - System Checkpoint
RP447: 12/20/2011 6:54:48 AM - System Checkpoint
RP448: 12/21/2011 7:37:11 AM - System Checkpoint
RP449: 12/22/2011 4:23:43 PM - System Checkpoint
RP450: 12/23/2011 4:58:09 PM - System Checkpoint
RP451: 12/25/2011 11:37:15 AM - System Checkpoint
RP452: 12/26/2011 12:35:49 PM - System Checkpoint
RP453: 12/27/2011 5:21:45 PM - System Checkpoint
RP454: 12/29/2011 10:46:30 AM - System Checkpoint
RP455: 12/30/2011 3:48:00 PM - System Checkpoint
RP456: 12/31/2011 10:42:57 PM - System Checkpoint
RP457: 1/1/2012 10:46:59 PM - System Checkpoint
RP458: 1/3/2012 1:34:55 AM - System Checkpoint
RP459: 1/4/2012 1:48:47 AM - System Checkpoint
RP460: 1/5/2012 12:48:39 PM - System Checkpoint
RP461: 1/6/2012 1:38:43 PM - System Checkpoint
RP462: 1/8/2012 12:10:06 PM - System Checkpoint
RP463: 1/9/2012 12:58:11 PM - System Checkpoint
RP464: 1/10/2012 4:13:50 AM - Restore Operation
RP465: 1/10/2012 6:13:20 AM - Restore Operation
RP466: 1/10/2012 9:20:55 AM - Installed Ad-Aware
RP467: 1/10/2012 9:22:55 AM - Installed Ad-Aware
RP468: 1/10/2012 10:42:23 AM - Removed AVG 2012
RP469: 1/10/2012 10:43:13 AM - Removed AVG 2012
RP470: 1/10/2012 10:47:17 AM - Removed Ad-Aware
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 9.4.7
Adobe Shockwave Player 11
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0
Bonjour
CompuServe
EPSON Printer Software
EPSON Scan
EVGA Precision 2.0.4
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
iSEEK AnswerWorks English Runtime
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton AntiVirus
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
Platform
PS_AIO_04_C4580_Software_Min
Quicken 2011
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Roll
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Star Wars: The Old Republic
Starsiege TRIBES 1.8
System Requirements Lab
TELL ME MORE
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Chrome9 HC IGP Family Display 6.14.10.0133
VIA Platform Device Manager
Viewpoint Media Player
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
Windows Search 4.0
Windows XP Service Pack 3
World of Warcraft
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
1/6/2012 2:13:22 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MACBOOKAIR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8ECCA8B3-18EF-4F4. The master browser is stopping or an election is being forced.
1/10/2012 9:58:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/10/2012 9:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/10/2012 9:42:36 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/10/2012 9:31:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSPX SymIRON SYMTDI
1/10/2012 7:09:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
1/10/2012 7:09:26 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 7:07:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:50:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:46:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:43:08 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/10/2012 6:42:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/10/2012 6:41:55 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:37:59 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:17:13 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
1/10/2012 6:02:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde
1/10/2012 5:56:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/10/2012 4:13:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR210.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/10/2012 11:52:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/10/2012 11:52:37 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 11:43:37 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
1/10/2012 10:35:49 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/10/2012 10:33:58 AM, error: System Error [1003] - Error code 100000d4, parameter1 b17c7234, parameter2 0000001c, parameter3 00000000, parameter4 80502367.
1/10/2012 10:33:56 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f05e32.
1/10/2012 10:33:44 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f52e32.
1/10/2012 10:33:34 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eebe32.
1/10/2012 10:30:17 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eaae32.
1/10/2012 10:27:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Star Wars: The Old Republic
Starsiege TRIBES 1.8
System Requirements Lab
TELL ME MORE
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Chrome9 HC IGP Family Display 6.14.10.0133
VIA Platform Device Manager
Viewpoint Media Player
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format Runtime
Windows Search 4.0
Windows XP Service Pack 3
World of Warcraft
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
1/6/2012 2:13:22 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MACBOOKAIR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8ECCA8B3-18EF-4F4. The master browser is stopping or an election is being forced.
1/10/2012 9:58:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/10/2012 9:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/10/2012 9:42:36 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/10/2012 9:31:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSPX SymIRON SYMTDI
1/10/2012 7:09:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
1/10/2012 7:09:26 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 7:07:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgldx86 Avgmfx86 BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:50:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 eeCtrl Fips SRTSP SRTSPX SymIRON SYMTDI
1/10/2012 6:46:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:46:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2012 6:43:08 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/10/2012 6:42:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/10/2012 6:41:55 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:37:59 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/10/2012 6:17:13 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
1/10/2012 6:02:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde
1/10/2012 5:56:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/10/2012 4:13:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR210.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/10/2012 11:52:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/10/2012 11:52:37 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 11:43:37 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
1/10/2012 10:35:49 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/10/2012 10:33:58 AM, error: System Error [1003] - Error code 100000d4, parameter1 b17c7234, parameter2 0000001c, parameter3 00000000, parameter4 80502367.
1/10/2012 10:33:56 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f05e32.
1/10/2012 10:33:44 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9f52e32.
1/10/2012 10:33:34 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eebe32.
1/10/2012 10:30:17 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 b9eaae32.
1/10/2012 10:27:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================