Appreciate any help or suggestions. BSOD of the 0x0000008E and 0x000000C2 (bad_pool_caller) variety. Can't install service pack or anti-virus without BSOD. I managed to get SP3 installed, somehow, however. I left a full scan of Malwarebytes going overnight; after 14 hours I cancelled it, however, 40 further infections were removed. Here are the logs:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7882
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
10/5/2011 8:30:57 PM
mbam-log-2011-10-05 (20-30-48).txt
Scan type: Quick scan
Objects scanned: 199476
Time elapsed: 13 minute(s), 6 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
c:\program files\HP\hp software update\hpwuschd2.exe (Backdoor.IRCBot) -> 1056 -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate1ca655ebe40a31e (Trojan.PatchLoad) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.PatchLoad) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE (Backdoor.IRCBot) -> Value: HPWUSCHD2.EXE -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\TCTRLIOHOOK.EXE (Backdoor.IRCBot) -> Value: TCTRLIOHOOK.EXE -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\ZOOMINGHOOK.EXE (Backdoor.IRCBot) -> Value: ZOOMINGHOOK.EXE -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Downloader) -> Bad: (Explorer.exe) Good: () -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\HP\hp software update\hpwuschd2.exe (Backdoor.IRCBot) -> No action taken.
c:\WINDOWS\system32\explorer.exe (Trojan.Downloader) -> No action taken.
c:\program files\Google\Update\googleupdate.exe (Trojan.PatchLoad) -> No action taken.
c:\WINDOWS\system32\B5RY8.com (Backdoor.IRCBot) -> No action taken.
c:\WINDOWS\system32\tctrliohook.exe (Backdoor.IRCBot) -> No action taken.
c:\WINDOWS\system32\zoominghook.exe (Backdoor.IRCBot) -> No action taken.
c:\WINDOWS\system32\TPSMain.exe (Backdoor.IRCBot) -> No action taken.
c:\documents and settings\ERegan\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
c:\documents and settings\ERegan\application data\Adobe\plugs\mmc206.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\ERegan\application data\Adobe\plugs\mmc234.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\ERegan\application data\Adobe\plugs\mmc605418953.txt (Trojan.Agent.Gen) -> No action taken.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-06 11:48:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8026GAX rev.PA000U
Running: e8fz6uh6.exe; Driver: C:\DOCUME~1\ERegan\LOCALS~1\Temp\pgldypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- System - GMER 1.0.15 ----
SSDT hdsector.sys ZwQueryDirectoryFile [0xF78AC776] <-- ROOTKIT !!!
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A9E231B
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\hdsector.sys (*** hidden *** ) [BOOT] hdsector <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ERegan at 11:52:13 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1382 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uWinlogon: Shell=c:\documents and settings\eregan\local settings\application data\af48e02d\X
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Zinio DLM] c:\program files\zinio\ZinioDeliveryManager.exe /autostart
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://www.caworkroom.com/qp2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9DF47B4E-B7ED-46E1-BFB9-B336DCB87375} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-6-11 3712]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-18 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-18 1371184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-06 00:42:44 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-10-06 00:34:18 -------- d-----w- C:\0b9aea05172f7ac64bd71ba5
2011-10-05 23:56:30 -------- d-----w- C:\ee8a00c41ba25e0314d56809315046
2011-10-05 23:44:23 -------- d-----w- C:\eec52521b27bd034ede6058fa8f7c1
2011-10-05 23:16:59 -------- d-sha-r- C:\cmdcons
2011-10-05 23:15:44 113152 ----a-w- c:\documents and settings\all users\application data\psfhjvPh.exe
2011-10-05 23:14:42 -------- d-s---w- C:\ComboFix
2011-10-05 22:25:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-05 22:22:14 98816 ----a-w- c:\windows\sed.exe
2011-10-05 22:22:14 518144 ----a-w- c:\windows\SWREG.exe
2011-10-05 22:22:14 256000 ----a-w- c:\windows\PEV.exe
2011-10-05 22:22:14 208896 ----a-w- c:\windows\MBR.exe
2011-10-05 21:41:28 -------- d-----w- c:\windows\EHome
2011-10-05 21:06:24 -------- d-----w- C:\51523192b69ef106e2d8
2011-10-05 20:16:35 -------- d-----w- c:\program files\WhoCrashed
2011-10-05 18:58:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-05 18:58:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-05 18:39:35 -------- d-----w- c:\documents and settings\eregan\application data\Malwarebytes
2011-10-05 18:39:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-05 18:39:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 18:39:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 05:00:43 -------- d-sh--w- c:\documents and settings\eregan\IECompatCache
2011-10-04 01:01:49 147456 ----a-w- c:\windows\system32\B5RY8.com
2011-10-04 00:50:35 -------- d-sh--w- c:\documents and settings\eregan\local settings\application data\af48e02d
.
==================== Find3M ====================
.
2011-10-04 01:01:47 147460 ------w- c:\windows\system32\TCtrlIOHook.exe
2011-10-04 01:01:46 147460 ------w- c:\windows\system32\ZoomingHook.exe
2011-10-04 01:01:46 147460 ------w- c:\windows\system32\TPSMain.exe
2011-07-18 23:10:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8026GAX rev.PA000U -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9E24D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9e87d0]; MOV EAX, [0x8a9e884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A9CFAB8]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000007a[0x8A9B1F18]
5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E37C5] -> [0x8AA0A940]
\Driver\atapi[0x8A9DF850] -> IRP_MJ_CREATE -> 0x8A9E24D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9E231B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:55:45.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2006 10:28:43 PM
System Uptime: 10/6/2011 11:41:30 AM (0 hours ago)
.
Motherboard: TOSHIBA | | EBQ10
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1728/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 44.736 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/5/2011 9:20:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BlackBerry Desktop Software 4.2.2
Bonjour
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Corel GuideMenu
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DVD-RAM Driver
eSupportQFolder
FrostWire 4.21.5
Google Earth
Google Update Helper
GuideMenu
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 5400 series
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet5400Series
HPProductAssistant
IMapViewer 1.1.0(05051801)
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
InterVideo WinDVD SE
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 21
KhalSetup
LiveUpdate 1.80 (Symantec Corporation)
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDFCreator
PDFCreator Toolbar
Picasa 3
QuickTime
QuickTime for Windows (32-bit)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Media Manager
Safari
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Status
Symantec AntiVirus Client
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
TrayApp
TWV UAM
Ulead DVD MovieFactory SE
Unload
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utility Common Driver
WebFldrs XP
WebReg
WhoCrashed 3.02
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows NT Messaging
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
10/6/2011 9:16:41 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
10/6/2011 8:16:53 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
10/6/2011 7:16:45 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
10/6/2011 6:16:47 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
10/6/2011 5:16:50 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
10/6/2011 4:16:42 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
10/6/2011 3:30:50 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
10/6/2011 2:16:47 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
10/6/2011 12:16:47 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
10/6/2011 11:43:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
10/6/2011 11:16:51 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
10/6/2011 10:16:59 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
10/6/2011 1:16:45 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
10/5/2011 9:24:52 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 9:24:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
10/5/2011 9:24:11 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.
10/5/2011 9:22:21 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
10/5/2011 8:08:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office 2003 (KB949074).
10/5/2011 8:06:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/5/2011 7:50:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/5/2011 7:12:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/5/2011 7:10:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/5/2011 7:02:55 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 7:02:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/5/2011 6:17:05 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 b9dcdc68, parameter4 00000000.
10/5/2011 5:57:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/5/2011 4:05:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 a08b5c68, parameter4 00000000.
10/5/2011 3:09:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2011 2:51:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/5/2011 2:38:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/5/2011 2:37:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SerTVOutCtlr SrvcEKIOMngr SrvcSSIOMngr TPwSav
10/5/2011 2:36:23 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2011 2:28:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
10/5/2011 2:28:47 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 11:37:15 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
10/5/2011 11:16:54 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
10/5/2011 10:16:55 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
10/5/2011 1:15:01 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 9bcc1bf8, parameter4 00000000.
10/4/2011 2:42:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
10/4/2011 2:42:45 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:45 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveShare P2P Server 9 service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
10/4/2011 2:42:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IviRegMgr service to connect.
10/4/2011 2:42:41 AM, error: Service Control Manager [7000] - The IviRegMgr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DVD-RAM_Service service to connect.
10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DefWatch service to connect.
10/4/2011 2:42:39 AM, error: Service Control Manager [7000] - The DVD-RAM_Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 12:48:25 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
10/4/2011 12:45:46 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000017, parameter2 805e3684, parameter3 9c8297dc, parameter4 00000000.
10/4/2011 12:40:51 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/4/2011 12:39:19 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 12:39:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
10/4/2011 12:39:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
10/4/2011 12:39:15 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:32:26 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/3/2011 9:19:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/3/2011 9:19:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1ca655ebe40a31e) service to connect.
10/3/2011 9:19:32 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca655ebe40a31e) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:19:03 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/3/2011 9:18:29 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus Client service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ConfigFree Service service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:17:28 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:17:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
10/3/2011 9:11:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-06 11:48:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8026GAX rev.PA000U
Running: e8fz6uh6.exe; Driver: C:\DOCUME~1\ERegan\LOCALS~1\Temp\pgldypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- System - GMER 1.0.15 ----
SSDT hdsector.sys ZwQueryDirectoryFile [0xF78AC776] <-- ROOTKIT !!!
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A9E231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A9E231B
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\hdsector.sys (*** hidden *** ) [BOOT] hdsector <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ERegan at 11:52:13 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1382 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uWinlogon: Shell=c:\documents and settings\eregan\local settings\application data\af48e02d\X
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Zinio DLM] c:\program files\zinio\ZinioDeliveryManager.exe /autostart
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://www.caworkroom.com/qp2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9DF47B4E-B7ED-46E1-BFB9-B336DCB87375} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-6-11 3712]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-18 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-18 1371184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-06 00:42:44 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-10-06 00:34:18 -------- d-----w- C:\0b9aea05172f7ac64bd71ba5
2011-10-05 23:56:30 -------- d-----w- C:\ee8a00c41ba25e0314d56809315046
2011-10-05 23:44:23 -------- d-----w- C:\eec52521b27bd034ede6058fa8f7c1
2011-10-05 23:16:59 -------- d-sha-r- C:\cmdcons
2011-10-05 23:15:44 113152 ----a-w- c:\documents and settings\all users\application data\psfhjvPh.exe
2011-10-05 23:14:42 -------- d-s---w- C:\ComboFix
2011-10-05 22:25:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-10-05 22:22:14 98816 ----a-w- c:\windows\sed.exe
2011-10-05 22:22:14 518144 ----a-w- c:\windows\SWREG.exe
2011-10-05 22:22:14 256000 ----a-w- c:\windows\PEV.exe
2011-10-05 22:22:14 208896 ----a-w- c:\windows\MBR.exe
2011-10-05 21:41:28 -------- d-----w- c:\windows\EHome
2011-10-05 21:06:24 -------- d-----w- C:\51523192b69ef106e2d8
2011-10-05 20:16:35 -------- d-----w- c:\program files\WhoCrashed
2011-10-05 18:58:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-05 18:58:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-05 18:39:35 -------- d-----w- c:\documents and settings\eregan\application data\Malwarebytes
2011-10-05 18:39:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-05 18:39:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 18:39:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 05:00:43 -------- d-sh--w- c:\documents and settings\eregan\IECompatCache
2011-10-04 01:01:49 147456 ----a-w- c:\windows\system32\B5RY8.com
2011-10-04 00:50:35 -------- d-sh--w- c:\documents and settings\eregan\local settings\application data\af48e02d
.
==================== Find3M ====================
.
2011-10-04 01:01:47 147460 ------w- c:\windows\system32\TCtrlIOHook.exe
2011-10-04 01:01:46 147460 ------w- c:\windows\system32\ZoomingHook.exe
2011-10-04 01:01:46 147460 ------w- c:\windows\system32\TPSMain.exe
2011-07-18 23:10:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8026GAX rev.PA000U -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9E24D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9e87d0]; MOV EAX, [0x8a9e884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A9CFAB8]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000007a[0x8A9B1F18]
5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E37C5] -> [0x8AA0A940]
\Driver\atapi[0x8A9DF850] -> IRP_MJ_CREATE -> 0x8A9E24D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9E231B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:55:45.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2006 10:28:43 PM
System Uptime: 10/6/2011 11:41:30 AM (0 hours ago)
.
Motherboard: TOSHIBA | | EBQ10
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1728/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 44.736 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/5/2011 9:20:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BlackBerry Desktop Software 4.2.2
Bonjour
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Corel GuideMenu
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DVD-RAM Driver
eSupportQFolder
FrostWire 4.21.5
Google Earth
Google Update Helper
GuideMenu
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 5400 series
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet5400Series
HPProductAssistant
IMapViewer 1.1.0(05051801)
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
InterVideo WinDVD SE
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 21
KhalSetup
LiveUpdate 1.80 (Symantec Corporation)
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDFCreator
PDFCreator Toolbar
Picasa 3
QuickTime
QuickTime for Windows (32-bit)
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Media Manager
Safari
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Status
Symantec AntiVirus Client
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
TrayApp
TWV UAM
Ulead DVD MovieFactory SE
Unload
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utility Common Driver
WebFldrs XP
WebReg
WhoCrashed 3.02
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows NT Messaging
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
10/6/2011 9:16:41 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
10/6/2011 8:16:53 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
10/6/2011 7:16:45 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
10/6/2011 6:16:47 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
10/6/2011 5:16:50 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
10/6/2011 4:16:42 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
10/6/2011 3:30:50 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
10/6/2011 2:16:47 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
10/6/2011 12:16:47 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
10/6/2011 11:43:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
10/6/2011 11:16:51 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
10/6/2011 10:16:59 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
10/6/2011 1:16:45 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
10/5/2011 9:24:52 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 9:24:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
10/5/2011 9:24:11 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.
10/5/2011 9:22:21 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
10/5/2011 8:08:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Office 2003 (KB949074).
10/5/2011 8:06:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/5/2011 7:50:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/5/2011 7:12:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/5/2011 7:10:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/5/2011 7:02:55 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 7:02:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/5/2011 6:17:05 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 b9dcdc68, parameter4 00000000.
10/5/2011 5:57:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/5/2011 4:05:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 a08b5c68, parameter4 00000000.
10/5/2011 3:09:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2011 2:51:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
10/5/2011 2:38:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/5/2011 2:37:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SerTVOutCtlr SrvcEKIOMngr SrvcSSIOMngr TPwSav
10/5/2011 2:36:23 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2011 2:28:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
10/5/2011 2:28:47 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2011 11:37:15 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
10/5/2011 11:16:54 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
10/5/2011 10:16:55 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
10/5/2011 1:15:01 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 9bcc1bf8, parameter4 00000000.
10/4/2011 2:42:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
10/4/2011 2:42:45 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:45 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveShare P2P Server 9 service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
10/4/2011 2:42:43 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
10/4/2011 2:42:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IviRegMgr service to connect.
10/4/2011 2:42:41 AM, error: Service Control Manager [7000] - The IviRegMgr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DVD-RAM_Service service to connect.
10/4/2011 2:42:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DefWatch service to connect.
10/4/2011 2:42:39 AM, error: Service Control Manager [7000] - The DVD-RAM_Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 12:48:25 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
10/4/2011 12:45:46 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000017, parameter2 805e3684, parameter3 9c8297dc, parameter4 00000000.
10/4/2011 12:40:51 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/4/2011 12:39:19 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2011 12:39:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
10/4/2011 12:39:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
10/4/2011 12:39:15 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:32:26 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/3/2011 9:19:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/3/2011 9:19:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1ca655ebe40a31e) service to connect.
10/3/2011 9:19:32 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca655ebe40a31e) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:19:03 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/3/2011 9:18:29 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus Client service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ConfigFree Service service to connect.
10/3/2011 9:17:30 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:17:28 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2011 9:17:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
10/3/2011 9:11:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
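As an added example (not part of the original post or of DDS itself): a small Python triage script that parses the "Event Viewer Messages" lines in the format DDS writes them and pulls out the items worth looking at first in a log like the one above: the Task Scheduler failures for At1.job through At24.job (Schedule event 7901), the repeated System Error 1003 bugchecks grouped by code and faulting address, the boot-start drivers the Service Control Manager could not load (event 7026), and the services DCOM could not start (event 10005). The sample input is a handful of lines copied from the log above; the regular expressions are my own reading of the DDS line layout, not from any DDS documentation, and are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: a handful of lines copied from the DDS "Event Viewer
# Messages" block above, so the script runs offline. On a real triage, paste
# the whole block (everything between the "====" headers) in here instead.
SAMPLE_LOG = """\
10/6/2011 9:16:41 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
10/6/2011 8:16:53 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
10/6/2011 11:43:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
10/5/2011 7:12:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1ca655ebe40a31e with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/5/2011 6:17:05 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 b9dcdc68, parameter4 00000000.
10/5/2011 4:05:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80564272, parameter3 a08b5c68, parameter4 00000000.
10/5/2011 11:16:54 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
10/5/2011 2:37:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SerTVOutCtlr SrvcEKIOMngr SrvcSSIOMngr TPwSav
10/4/2011 12:45:46 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000017, parameter2 805e3684, parameter3 9c8297dc, parameter4 00000000.
"""

# DDS writes one event per line:
#   "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
# The patterns below are an assumption about that layout, derived from the log above.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
AT_JOB_RE = re.compile(r"\bThe (At\d+\.job) command failed to start")
BUGCHECK_RE = re.compile(r"Error code (\w+), parameter1 (\w+), parameter2 (\w+)")
DCOM_RE = re.compile(r'DCOM got error "(%\d+)" attempting to start the service (.+?) with arguments')


def parse_events(text):
    """Parse DDS event lines into dicts; separator lines ('.') and headers are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events


def at_job_failures(events):
    """{job name: [timestamps]} for Schedule 7901 'AtN.job failed to start' events."""
    jobs = defaultdict(list)
    for ev in events:
        if ev["source"] == "Schedule" and ev["id"] == 7901:
            m = AT_JOB_RE.search(ev["msg"])
            if m:
                jobs[m.group(1)].append(ev["ts"])
    return dict(jobs)


def bugcheck_summary(events):
    """Count System Error 1003 bugchecks by (stop code, parameter1, parameter2).

    For stop 0x8E, parameter1 is the exception code and parameter2 the address
    where it was raised; the same address recurring across crashes points at
    one code path rather than at random hardware faults."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "System Error" and ev["id"] == 1003:
            m = BUGCHECK_RE.search(ev["msg"])
            if m:
                counts[m.groups()] += 1
    return counts


def failed_boot_drivers(events):
    """Set of driver names from Service Control Manager 7026 'failed to load' events."""
    drivers = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            _, _, names = ev["msg"].partition("failed to load:")
            drivers.update(names.split())
    return drivers


def dcom_service_failures(events):
    """{service name: [DCOM error codes]} from DCOM 10005 events."""
    failures = defaultdict(list)
    for ev in events:
        if ev["source"] == "DCOM" and ev["id"] == 10005:
            m = DCOM_RE.search(ev["msg"])
            if m:
                failures[m.group(2)].append(m.group(1))
    return dict(failures)


def triage(text):
    """One summary dict for the whole log; AtN.job names are sorted numerically."""
    events = parse_events(text)
    jobs = at_job_failures(events)
    return {
        "events": len(events),
        "at_jobs": sorted(jobs, key=lambda j: int(re.search(r"\d+", j).group())),
        "bugchecks": bugcheck_summary(events),
        "failed_drivers": sorted(failed_boot_drivers(events)),
        "dcom_failures": dcom_service_failures(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full block above, the At*.job list comes back as At1.job through At24.job, one failing each hour. On Windows XP those jobs are the files AtN.job under C:\WINDOWS\Tasks (the `at` command with no arguments lists them), so the next step is to read what command each one runs before deciding what created them. The bugcheck summary groups the three 1000008e crashes that share parameter2 80564272 separately from the one at 805e3684, which is the split a crash-dump analysis should start from.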