
Infected by rootkit zeroaccess

Discussion in 'Virus and Malware Removal' started by nbabe, Apr 7, 2012.

  1. nbabe TechSpot Member Posts: 58

    I do have a question: is there a way we can repair without wiping everything? (There must be a reason I have no access in normal mode.)

    Starting to back up, but at this rate I will be doing this for days.
  2. Broni Malware Annihilator Posts: 39,379   +177

    If you could borrow a Windows XP CD, we can try a repair installation.
  3. nbabe TechSpot Member Posts: 58

    My son tells me he could have one (but we don't know if it's legit), although we have a key for it. Would it work? He tells me it's SP3 (which I think is the version we are on).
  4. Broni Malware Annihilator Posts: 39,379   +177

    A Windows XP CD with SP3 would be exactly what we need to run a repair installation.
  5. nbabe TechSpot Member Posts: 58

    OK, I have it (it's on a burned CD, so not sure it's legit; my son gave it to me just now).

    Wanted to say I appreciate the help and patience.

    Also, if it might help, I have access in normal mode to a command prompt

    and have a Gateway restore DVD.
  6. Broni Malware Annihilator Posts: 39,379   +177

     
  7. nbabe TechSpot Member Posts: 58

    OK, but the CD I have is XP Pro... don't know if that's what I have here on this computer.
  8. Broni Malware Annihilator Posts: 39,379   +177

    Yeah, that won't work because you have Home edition.
    You'll need same version on the CD.
  9. nbabe TechSpot Member Posts: 58

    OK, I backed up most of my data and did the recovery with backup last night. (I chose "back up the files" in the system recovery?)

    I still have a few problems, don't know if you can help me. The internet sometimes opens or not. Right now it's working, but I wonder why it sometimes doesn't. Also, is there a way we can make sure that virus isn't back? Also it acts up: it won't let me write, the bar keeps on moving by itself.

    Should I rerun, or try in normal mode, rkill and TDSSKiller and Combo?

    Anyway, I wanted to reinstall MBAM and it won't allow me, so obviously the virus is still there.

    And there seem to be glitches so far, such as my USB key (where I have the antiviruses): it jammed when I placed it in and wouldn't open or anything. It took 5-6 minutes before it opened, and I think that's not normal.

    Also, when I tried to install one of my software programs (I wrote the password into a Notepad file), when I opened it the Notepad info started to move and got deleted. Is it possible the virus is still there?

    Let me know if, since this is post-virus, I should open another thread.

    I wanted to finish reinstalling today since I'm going back to work tomorrow, but right now I think I'll wait. There are obviously still problems. I did finish, though, moving data from backup into the regular C drive.

    Update: I managed to install MBAM but it wasn't obvious... and it stopped in the middle! So I restarted it. I'll post the MBAM log file here.

    Maybe I shouldn't have done the recovery with backup files?

    First MBAM:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.10.05

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Owner :: NP [administrator]

    4/10/2012 10:17:20 AM
    mbam-log-2012-04-10 (10-17-20).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 58394
    Time elapsed: 21 minute(s), 3 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Owner\My Documents\kilisent\zSOFTWARE STORAGE\USE ALCOHOL120\zMicrosoft Office 2007 Enterprise Edition\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

    (end)


    Second MBAM was OK.
  10. Broni Malware Annihilator Posts: 39,379   +177

    First of all this:
    If you keep downloading/using cracked programs, you'll keep getting reinfected.
    If you want to keep your computer clean stop doing that.

    Then...
    Where did you back your files up to?
    Did you scan all backed up files with your AV program before putting them back?
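The question above (were the backed-up files scanned before being copied back?) is the one that decides whether a cleanup holds: a backup taken from an infected machine is just the infection in a new folder, and MBAM's later hit on a Keygen.exe restored from that backup shows why. The script below is an added example, not something from this thread or any of the tools it uses. It walks a backup tree before anything is restored, identifies executable content by file signature rather than extension (a renamed executable is still an executable), hashes each finding so duplicates under different names are obvious, and flags crack/keygen-style file names. The sample tree it builds is constructed for the demonstration; the file names, the RISKY_NAME pattern and the extension list are the example's own choices, not a standard.

```python
"""Triage a backup taken from an infected machine before copying it back: find
executable content by file signature (not extension), hash it, and flag
crack/keygen-style names so they can be scanned or dropped first."""
from __future__ import annotations
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample tree: a few bytes per file, none of it real software or malware.
SAMPLE_FILES = {
    "Documents/notes.txt": b"scanner serial number goes here\n",
    "Documents/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 28,             # genuine JPEG header
    "Documents/funny.jpg": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",    # executable hiding as an image
    "Software/Office/Keygen.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
    "Software/setup.msi": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16,  # OLE compound file (MSI)
}

# Extensions Windows will execute or load; anything with these gets scanned.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".cpl",
                   ".msi", ".bat", ".cmd", ".vbs", ".js"}
# Name patterns in the spirit of the Keygen.exe hit above (example's own list).
RISKY_NAME = re.compile(r"keygen|crack|patch|activat|loader", re.IGNORECASE)


def is_pe(path: Path) -> bool:
    """True if the file starts with the MZ executable header, whatever its name."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def sha256(path: Path) -> str:
    """Streamed SHA-256 so large backup files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root: Path) -> list[dict]:
    """Return one finding per file that needs attention before it is restored."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = []
        ext = path.suffix.lower()
        if is_pe(path):
            reasons.append("PE executable by signature")
            if ext not in EXEC_EXTENSIONS:
                reasons.append(f"executable disguised as '{ext or 'no extension'}'")
        elif ext in EXEC_EXTENSIONS:
            reasons.append("executable by extension")
        if RISKY_NAME.search(path.name):
            reasons.append("crack/keygen-style name")
        if reasons:
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "sha256": sha256(path),
                "reasons": reasons,
            })
    return findings


def build_sample_tree() -> Path:
    """Write the constructed sample files into a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="backup-triage-"))
    for rel, data in SAMPLE_FILES.items():
        dest = root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
    return root


if __name__ == "__main__":
    for f in triage(build_sample_tree()):
        print(f"{f['path']}\n  sha256={f['sha256']}\n  " + "; ".join(f["reasons"]))
```

Run it against the real backup root instead of the sample tree and feed the listed paths to the AV scanner (or delete them outright where the name already answers the question, as with the Keygen.exe). In the sample, the disguised "funny.jpg" and "Keygen.exe" have the same hash, which is how a renamed copy of a known file shows up without relying on its name.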
  11. nbabe TechSpot Member Posts: 58

    No, I didn't. What I did was take everything that was in the backup and just transfer it into the regular C drive. It's possible there's bogus software; I didn't have time to check. Guess that was dumb.

    The only software I installed are Windows Player, Real, my photo software and QuickTime, all regular software (mine or what came with the Gateway). I was trying to install another of mine (non-bogus for sure) when I got the problems I mentioned.

    I'll start deleting files that seem bogus (such as the one we just saw).

    I'm installing Avast next (freeware) because for some reason it wouldn't accept my code.

    Doing GMER (basically I'm redoing the 5 steps mentioned).
  12. Broni Malware Annihilator Posts: 39,379   +177

    1. Make sure Windows is up to date; all updates, service packs etc. are installed.
    2. Install Avast, update it, run full scan. Let me know if anything was found.

    Then proceed with 5 steps.
  13. nbabe TechSpot Member Posts: 58

    Here is GMER. I had started it before your reply.
    Updates on the way and Avast next.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-10 13:18:22
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2500JD-22HBB0 rev.08.02D08
    Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdqpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? rbrdui.sys The system cannot find the file specified. !
    init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF7757360]

    ---- EOF - GMER 1.0.15 ----
  14. nbabe TechSpot Member Posts: 58

    All Microsoft updates completed. Cleaned the computer of everything I could think might be suspicious, especially from yesterday's backup.

    Avast found nothing.
    MBAM found nothing.
    GMER, even though disconnected from the internet and with Avast off, in the beginning scan found many Avast rootkit files. So not sure if I should proceed anyway?
  15. Broni Malware Annihilator Posts: 39,379   +177

    I'm not sure what you're saying.
  16. nbabe TechSpot Member Posts: 58

    I disabled Avast, then unplugged the internet cable as mentioned in the 5 steps. Then I opened GMER, and at the beginning it runs for a few seconds. I got a dozen hits regarding Avast. (I never saw anything there before; it would run, then after that mini scan I clicked Scan, but in the opening scan I got those Avast links.) Should I proceed nonetheless with GMER even though it still sees Avast?
  17. Broni Malware Annihilator Posts: 39,379   +177

    You posted GMER log already.
    It looks fine.
    Go ahead with DDS.
  18. nbabe TechSpot Member Posts: 58

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 19:07:07 on 2012-04-10
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1509.1144 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.metacrawler.com/
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1334078451687
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
    TCP: Interfaces\{826423B9-6621-48B0-801F-26BC0A96DEAF} : DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
    Notify: igfxcui - igfxsrvc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-10 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-10 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-10 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-10 44768]
    R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [2012-4-10 33696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
    .
    =============== Created Last 30 ================
    .
    2012-04-10 20:53:25 -------- d-----w- c:\program files\home plan software
    2012-04-10 19:05:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
    2012-04-10 19:04:55 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-04-10 19:04:31 41184 ----a-w- c:\windows\avastSS.scr
    2012-04-10 19:04:14 -------- d-----w- c:\program files\AVAST Software
    2012-04-10 19:04:14 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-04-10 18:51:52 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
    2012-04-10 18:50:59 -------- d-sh--w- c:\documents and settings\owner\IETldCache
    2012-04-10 18:45:44 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-04-10 18:45:25 -------- d-----w- c:\windows\ie8updates
    2012-04-10 18:45:19 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-04-10 18:45:19 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2012-04-10 18:45:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2012-04-10 18:45:19 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-04-10 18:45:19 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2012-04-10 18:45:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-04-10 18:45:19 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2012-04-10 18:44:19 -------- dc-h--w- c:\windows\ie8
    2012-04-10 18:35:40 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-04-10 18:35:40 3072 ------w- c:\windows\system32\iacenc.dll
    2012-04-10 18:33:14 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-04-10 18:33:04 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
    2012-04-10 18:32:53 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2012-04-10 18:31:01 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2012-04-10 18:30:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2012-04-10 18:30:29 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2012-04-10 18:30:29 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2012-04-10 18:30:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2012-04-10 18:28:01 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-04-10 18:24:38 274288 ----a-w- c:\windows\system32\mucltui.dll
    2012-04-10 18:24:38 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-04-10 18:17:39 -------- d-----w- c:\program files\Messenger
    2012-04-10 18:17:24 -------- d-----w- c:\windows\system32\scripting
    2012-04-10 18:17:24 -------- d-----w- c:\windows\l2schemas
    2012-04-10 18:17:23 -------- d-----w- c:\windows\system32\en
    2012-04-10 18:17:23 -------- d-----w- c:\windows\system32\bits
    2012-04-10 18:14:39 -------- d-----w- c:\windows\network diagnostic
    2012-04-10 18:11:45 -------- d-----w- c:\windows\EHome
    2012-04-10 17:53:47 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2012-04-10 17:42:49 -------- d-----w- c:\program files\MSXML 4.0
    2012-04-10 17:38:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\ApplicationHistory
    2012-04-10 17:35:38 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2012-04-10 17:34:06 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2012-04-10 17:33:48 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2012-04-10 17:32:59 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2012-04-10 17:32:59 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2012-04-10 17:32:52 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2012-04-10 17:28:57 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2012-04-10 17:28:20 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2012-04-10 17:28:20 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2012-04-10 17:28:17 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2012-04-10 17:23:13 -------- d-----w- c:\windows\system32\PreInstall
    2012-04-10 17:23:12 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2012-04-10 17:23:11 -------- d--h--w- c:\windows\$hf_mig$
    2012-04-10 17:20:35 -------- d-sh--w- c:\documents and settings\owner\UserData
    2012-04-10 14:10:53 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2012-04-10 14:10:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-04-10 14:10:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-10 14:10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-10 13:29:54 33696 ----a-w- c:\windows\system32\drivers\fastpara.sys
    2012-04-10 02:58:59 61500 ----a-w- c:\windows\system32\usrcntra.dll
    2012-04-10 02:57:59 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2012-04-10 02:56:34 47104 ----a-w- c:\windows\system32\cnbjmon.dll
    2012-04-10 02:54:59 9216 -c--a-w- c:\windows\system32\dllcache\subst.exe
    2012-04-10 02:53:59 76800 ----a-w- c:\windows\system32\nslookup.exe
    2012-04-10 02:52:03 9728 -c--a-w- c:\windows\system32\dllcache\label.exe
    2012-04-10 02:51:59 81920 ----a-w- c:\windows\system32\isign32.dll
    2012-04-10 02:50:37 83456 ----a-w- c:\windows\system32\dpvsetup.exe
    2012-04-10 02:49:54 8192 -c--a-w- c:\windows\system32\dllcache\asferror.dll
    2012-04-10 02:07:25 -------- d-----r- C:\Program Files
    2012-04-10 02:06:32 -------- d-----r- c:\documents and settings\all users\Documents
    2012-04-10 01:59:19 -------- d-----r- c:\windows\Offline Web Pages
    2012-04-10 01:58:02 -------- dcsh--r- c:\windows\system32\dllcache
    2012-04-10 01:56:27 -------- d-----w- C:\My Backup -- 12-04-09 0656PM
    2012-04-10 00:48:59 -------- d-----w- c:\program files\Big Hammer
    2012-04-10 00:45:17 -------- d-----w- c:\program files\Druide
    2012-04-10 00:44:54 -------- d-----w- c:\program files\PDF-Convert
    2012-04-10 00:44:43 913408 ----a-w- c:\program files\windows media player\wmpnetwk.exe
    2012-04-10 00:44:43 493568 ----a-w- c:\program files\windows media player\wmdbexport.exe
    2012-04-10 00:44:43 36864 ----a-w- c:\program files\windows media player\wmpshare.exe
    2012-04-10 00:44:43 25600 ----a-w- c:\program files\windows media player\wmpenc.exe
    2012-04-10 00:44:43 241664 ----a-w- c:\program files\windows media player\wmlaunch.exe
    2012-04-10 00:44:43 204288 ----a-w- c:\program files\windows media player\wmpnscfg.exe
    2012-04-10 00:44:43 198144 ----a-w- c:\program files\windows media player\wmpnssci.dll
    2012-04-10 00:44:43 1669120 ----a-w- c:\program files\windows media player\wmsetsdk.exe
    2012-04-10 00:44:42 410928 ----a-w- c:\program files\windows media player\LegitLibM.dll
    2012-04-10 00:43:59 -------- d-----w- c:\program files\twain_32
    2012-04-10 00:43:35 -------- d-----w- c:\program files\Samsung
    2012-04-10 00:43:06 -------- d-----w- c:\program files\maxxscan61
    2012-04-10 00:41:18 -------- d-----w- c:\program files\compeyescan300600
    2012-04-10 00:32:23 -------- d-----w- c:\documents and settings\owner\application data\Symantec
    2012-04-10 00:17:36 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-04-10 00:15:20 -------- d-----w- C:\SYSPREP
    2012-04-10 00:13:01 -------- d-----w- c:\windows\system32\SoftwareDistribution
    .
    ==================== Find3M ====================
    .
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
    2012-02-28 18:50:29 81920 ------w- c:\windows\system32\ieencode.dll
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 19:08:22.45 ===============
    .
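Reading a DDS log like the one above by hand means flipping between the SERVICES / DRIVERS section (what is registered to load) and the Created Last 30 section (what is new on disk). Joining the two is the quick check that matters after a rootkit cleanup: a new file that also loads at boot or system start deserves a look before anything else. The script below is an added example written for this thread, not part of DDS or anything the helpers here posted. Its sample input is a handful of lines copied from the DDS log above; the R/S prefix is read as running/stopped and the digit as the standard Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), which is how DDS prints them. The "unregistered new drivers" list is a lead, not a verdict: DDS shows a filtered set of services, and a driver can be loaded on demand without a line here, so each entry only needs an explanation, such as a scanner or AV install at that time.

```python
"""Cross-reference the SERVICES / DRIVERS and Created Last 30 sections of a DDS
log: which recently created files are also registered to load, and which new
kernel drivers have no service entry in the log at all."""
from __future__ import annotations
import re
from datetime import datetime

# Sample input: lines copied from the DDS log posted above in this thread.
SERVICES_SECTION = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-10 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-10 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-10 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-10 44768]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [2012-4-10 33696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
"""

CREATED_SECTION = r"""
2012-04-10 19:04:55 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 17:53:47 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2012-04-10 14:10:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:29:54 33696 ----a-w- c:\windows\system32\drivers\fastpara.sys
2012-04-10 00:17:36 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-04-10 00:15:20 -------- d-----w- C:\SYSPREP
"""

# DDS service lines: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]\s*$"
)
# DDS created lines: <date> <time> <size or dashes for a directory> <attributes> <path>
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# Standard Windows service start types (the digit after R/S in DDS output).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_services(text: str) -> list[dict]:
    """One record per service/driver line: name, running flag, start type, path, size."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "name": m["name"],
                "running": m["state"] == "R",
                "start": START_TYPES.get(m["start"], m["start"]),
                "path": m["path"],
                "size": int(m["size"]),
            })
    return services


def parse_created(text: str) -> dict[str, dict]:
    """Map lowercased path -> {path, created, size, attrs}; directories get size None."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created[m["path"].lower()] = {
                "path": m["path"],
                "created": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S"),
                "size": int(m["size"]) if m["size"].isdigit() else None,
                "attrs": m["attrs"],
            }
    return created


def join_new_loaders(services: list[dict], created: dict[str, dict]) -> list[dict]:
    """Services whose binary appears in the created list, oldest first, with a size
    check between the two sections (a mismatch means the file changed again later)."""
    out = []
    for svc in services:
        entry = created.get(svc["path"].lower())
        if entry:
            out.append({**svc, "created": entry["created"], "size_match": entry["size"] == svc["size"]})
    return sorted(out, key=lambda s: s["created"])


def unregistered_new_drivers(services: list[dict], created: dict[str, dict]) -> list[str]:
    """New .sys files with no service line in this log, oldest first. A lead only:
    DDS lists a filtered set of services and drivers can be loaded on demand."""
    registered = {svc["path"].lower() for svc in services}
    drivers = [e for p, e in created.items() if p.endswith(".sys") and p not in registered]
    return [e["path"] for e in sorted(drivers, key=lambda e: e["created"])]


if __name__ == "__main__":
    svcs = parse_services(SERVICES_SECTION)
    new = parse_created(CREATED_SECTION)
    print("registered loaders created in the window:")
    for s in join_new_loaders(svcs, new):
        flag = "" if s["size_match"] else "  SIZE MISMATCH"
        print(f"  {s['created']}  {s['start']:8}  {s['name']:18} {s['path']}{flag}")
    print("new drivers with no service entry in this log:")
    for path in unregistered_new_drivers(svcs, new):
        print("  " + path)
```

On the sample lines this pairs fastpara.sys (created 13:29, before the Avast install) and aswSnx.sys (19:04, during it) with their R2/R1 service entries, and lists usbprint.sys, mbam.sys and atintuxx.sys as new drivers with no service line in the log. To use it on a full log, paste the two whole sections in place of the sample strings; the regexes already skip the "." separator lines DDS prints.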
  19. nbabe TechSpot Member Posts: 58

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/9/2012 8:14:07 PM
    System Uptime: 4/10/2012 7:05:20 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | D915GSE
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | | 3200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 176.389 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: USB Device
    Device ID: USB\VID_05CB&PID_1483\5&1AEC3740&0&1
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_05CB&PID_1483\5&1AEC3740&0&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP6: 4/10/2012 11:28:18 AM - System Checkpoint
    RP7: 4/10/2012 1:22:35 PM - Software Distribution Service 3.0
    RP8: 4/10/2012 1:36:31 PM - Software Distribution Service 3.0
    RP9: 4/10/2012 1:55:17 PM - Software Distribution Service 3.0
    RP10: 4/10/2012 2:36:15 PM - Software Distribution Service 3.0
    RP11: 4/10/2012 2:53:25 PM - Software Distribution Service 3.0
    RP12: 4/10/2012 3:04:14 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    America Online (Choose which version to remove)
    avast! Free Antivirus
    BigFix
    Compeye 300/600 Driver
    Digital Media Reader
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    Home Plan Pro version 5.2.12.20
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    hp deskjet 3320 series
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.2
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft Picture It! Photo Premium 9
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    oobeFlagNetscape0
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SoftV92 Data Fax Modem with SmartCP
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npwmsdrm.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 3.0.2.629, the version of the system file is 3.0.2.628.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npdrmv2.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 9.0.0.4503, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 9.0.0.3250.
    4/9/2012 8:44:48 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mplayer2.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.4.9.1126, the version of the system file is 6.4.9.1125.
    4/9/2012 8:42:28 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\inetwiz.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:28 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwutil.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:28 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwrmind.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwhelp.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwdl.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn2.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn1.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.2180.
    4/9/2012 8:37:06 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/10/2012 9:31:50 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{826423B9-6621-48B0-801F-26BC0A96DEAF} because another computer on the network has the same name. The server could not start.
    4/10/2012 9:31:50 AM, error: NetBT [4321] - The name "NP :20" could not be registered on the Interface with IP address 169.254.97.224. The machine with the IP address 169.254.0.60 did not allow the name to be claimed by this machine.
    4/10/2012 9:31:50 AM, error: NetBT [4321] - The name "NP :0" could not be registered on the Interface with IP address 169.254.97.224. The machine with the IP address 169.254.0.60 did not allow the name to be claimed by this machine.
    4/10/2012 11:55:19 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    4/10/2012 10:39:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    .
    ==== End Of File ===========================
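For anyone reading a long event-log dump like the one above, here is an added triage script. It is not from the thread and not part of DDS, aswMBR or any other tool named here; it parses lines in the same "date time, level: Source [id] - message" shape, pulls out the Windows File Protection 64001 entries with both file versions, and lists which drivers a Service Control Manager 7026 event reported as failed. The sample lines are constructed from the format shown above; the example.dll entry and its version numbers are made up for the test.

```python
"""Triage helper for DDS-style Windows event-log dumps (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format of the log posted above. The example.dll line is invented
# to show a case where the restored copy was the newer one.
SAMPLE_LOG = r"""
4/9/2012 8:44:49 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 3.0.2.629, the version of the system file is 3.0.2.628.
4/9/2012 8:42:27 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 6.0.2900.2180.
4/9/2012 8:42:00 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\example.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.1000, the version of the system file is 5.1.2600.2180.
4/9/2012 8:37:06 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/10/2012 10:39:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 agp440
.
==== End Of File ===========================
"""

# One event per line: "<date> <time>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Message body of a Windows File Protection 64001 "file replacement was attempted" event.
WFP_RE = re.compile(
    r"protected system file (?P<path>.+?)\. This file was restored .*?"
    r"bad file is (?P<bad>[\d.]+), the version of the system file is (?P<sys>[\d.]+)\.$"
)


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_version(v: str) -> Tuple[int, ...]:
    """'8.0.6001.18702' -> (8, 0, 6001, 18702) so versions compare numerically, not as text."""
    return tuple(int(part) for part in v.split("."))


def parse_events(text: str) -> List[Event]:
    """Turn the dump into Event records; non-event lines (the trailing '.' and footer) are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"].lower(), m["source"], int(m["eid"]), m["msg"]))
    return events


def wfp_reverts(events: List[Event]) -> List[Dict[str, object]]:
    """Every protected file that WFP put back, and whether it rolled the file back to an older build."""
    out: List[Dict[str, object]] = []
    for ev in events:
        if ev.source != "Windows File Protection" or ev.event_id != 64001:
            continue
        m = WFP_RE.search(ev.message)
        if not m:
            continue
        attempted, restored = parse_version(m["bad"]), parse_version(m["sys"])
        out.append({
            "timestamp": ev.timestamp,
            "path": m["path"].lower(),
            "attempted": m["bad"],
            "restored": m["sys"],
            # True when the copy WFP restored is older than the one it rejected: after a repair
            # install that usually means the cached system file is the out-of-date one.
            "rolled_back_to_older": attempted > restored,
        })
    return out


def failed_boot_drivers(events: List[Event]) -> List[str]:
    """Driver names listed by Service Control Manager 7026 'failed to load' events."""
    names: List[str] = []
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, tail = ev.message.partition("failed to load:")
            names.extend(tail.split())
    return names


def summarize(events: List[Event]) -> Dict[str, int]:
    """Counts per level and per 'Source [id]' pair, for a first look at a long dump."""
    counts: Dict[str, int] = {}
    for ev in events:
        counts[ev.level] = counts.get(ev.level, 0) + 1
        key = f"{ev.source} [{ev.event_id}]"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for row in wfp_reverts(evs):
        print(row)
    print("failed boot drivers:", failed_boot_drivers(evs))
    print(summarize(evs))
```

Paste a real dump into SAMPLE_LOG (or read it from a file) and the output gives the list of protected files WFP touched with both version numbers side by side, which is the part of a log like this that is tedious to compare by eye.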
  20. Broni Malware Annihilator Posts: 39,379   +177

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.