Evangelical
Posts: 16 +0
i have a Win XP Pro laptop with the redirect issue. I have applied the 6 step suggested in the forum. The resulting logs follow.
Thanks in advance for your help!
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5184
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/24/2010 1:07:20 PM
mbam-log-2010-11-24 (13-07-20).txt
Scan type: Quick scan
Objects scanned: 163923
Time elapsed: 8 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\kmiller\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-24 13:25:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK1246GSX rev.LB213M
Running: ftob31p1.exe; Driver: C:\DOCUME~1\KENMIL~1\LOCALS~1\Temp\kxddqpob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 234441392 (+254): rootkit-like behavior;
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DBC9A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9DBC940]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9DBC954]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DBC9BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DBC9E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9DBCA54]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9DBCA3E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9DBCA6A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DBCAFE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9DBCA96]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DBC992]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DBC904]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DBC918]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9DBCAD2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9DBCA28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9DBCA12]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DBC9D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9DBCABE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9DBCAAA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9DBC97E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9DBC96A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DBC9FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DBCB2D]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9DBCA80]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DBCB14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DBCAE8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 8A606AEA
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213M__#5&22499e11&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS.txt:
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ken Miller at 13:32:30.34 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1374 [GMT -5:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ken Miller\Application Data\U3\00001680D773D557\LaunchPad.exe
C:\Documents and Settings\Ken Miller\Desktop\logs\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://msn.com
mDefault_Search_URL = hxxp://msn.com
mSearch Page = hxxp://google.com
mStart Page = hxxp://msn.com
uInternet Settings,ProxyServer = jal.lmf.net:8013
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kenmil~1\applic~1\mozilla\firefox\profiles\i90y8dfj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.ftp - jal.lmf.net
FF - prefs.js: network.proxy.ftp_port - 8013
FF - prefs.js: network.proxy.gopher - jal.lmf.net
FF - prefs.js: network.proxy.gopher_port - 8013
FF - prefs.js: network.proxy.http - jal.lmf.net
FF - prefs.js: network.proxy.http_port - 8013
FF - prefs.js: network.proxy.socks - jal.lmf.net
FF - prefs.js: network.proxy.socks_port - 8013
FF - prefs.js: network.proxy.ssl - jal.lmf.net
FF - prefs.js: network.proxy.ssl_port - 8013
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {033D3051-0DA4-4AA6-9A8E-86651C3568CF} - c:\documents and settings\ken miller\local settings\application data\{033D3051-0DA4-4AA6-9A8E-86651C3568CF}
FF - HiddenExtension: XULRunner: {40C0C7D2-D432-4459-9AD3-75ABCC68B95C} - c:\documents and settings\ken miller\local settings\application data\{40C0C7D2-D432-4459-9AD3-75ABCC68B95C}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-21 344712]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-12-12 69192]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-10-5 5888]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-21 91896]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-21 43192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-12-12 66536]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-8-3 50704]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\up_date\pedrv.sys --> c:\sysprep\up_date\PEDrv.sys [?]
=============== Created Last 30 ================
2010-11-24 17:45:14 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-26 19:07:50 -------- d-----w- C:\Microsoft
==================== Find3M ====================
2010-09-24 07:49:12 8704 ----a-w- c:\windows\system32\bootexctrl.exe
2010-09-24 07:49:04 11776 ----a-w- c:\windows\system32\wgx.dll
2010-09-24 07:49:02 24576 ----a-w- c:\windows\system32\udefrag.exe
2010-09-24 07:49:00 14848 ----a-w- c:\windows\system32\lua5.1a_gui.exe
2010-09-24 07:49:00 10752 ----a-w- c:\windows\system32\lua5.1a.exe
2010-09-24 07:48:58 92160 ----a-w- c:\windows\system32\lua5.1a.dll
2010-09-24 07:48:52 8192 ----a-w- c:\windows\system32\udefrag.dll
2010-09-24 07:48:52 6144 ----a-w- c:\windows\system32\hibernate4win.exe
2010-09-24 07:48:50 48640 ----a-w- c:\windows\system32\udefrag-kernel.dll
2010-09-24 07:48:46 47104 ----a-w- c:\windows\system32\zenwinx.dll
2010-09-24 07:48:40 88064 ----a-w- c:\windows\system32\defrag_native.exe
2010-08-30 14:12:04 0 ----a-w- c:\windows\Qgicigobab.bin
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1246GSX rev.LB213M -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A606EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88be4872; SUB DWORD [EBP-0x4], 0x88be412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A801AB8]
3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A7C2E98]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A864940]
[0x8A72B7D0] -> IRP_MJ_CREATE -> 0x8A606EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213M__#5&22499e11&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A606AEA
user & kernel MBR OK
sectors 234441646 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 13:34:02.61 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2008 12:39:47 PM
System Uptime: 11/24/2010 1:07:55 PM (0 hours ago)
Motherboard: ATI | | SB600
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 1995/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 103 GiB total, 78.309 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\SYN1909\4&839A984&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\SYN1909\4&839A984&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\33327EA580D1E
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\33327EA580D1E
Service: NIC1394
Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\1
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\1
Service: CmBatt
Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft AC Adapter
Device ID: ACPI\ACPI0003\2&DABA3FF&0
Manufacturer: Microsoft
Name: Microsoft AC Adapter
PNP Device ID: ACPI\ACPI0003\2&DABA3FF&0
Service: CmBatt
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Audio Codecs
Device ID: ROOT\MEDIA\MS_MMACM
Manufacturer: (Standard system devices)
Name: Audio Codecs
PNP Device ID: ROOT\MEDIA\MS_MMACM
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Audio Drivers
Device ID: ROOT\MEDIA\MS_MMDRV
Manufacturer: (Standard system devices)
Name: Legacy Audio Drivers
PNP Device ID: ROOT\MEDIA\MS_MMDRV
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Media Control Devices
Device ID: ROOT\MEDIA\MS_MMMCI
Manufacturer: (Standard system devices)
Name: Media Control Devices
PNP Device ID: ROOT\MEDIA\MS_MMMCI
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Video Capture Devices
Device ID: ROOT\MEDIA\MS_MMVCD
Manufacturer: (Standard system devices)
Name: Legacy Video Capture Devices
PNP Device ID: ROOT\MEDIA\MS_MMVCD
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Video Codecs
Device ID: ROOT\MEDIA\MS_MMVID
Manufacturer: (Standard system devices)
Name: Video Codecs
PNP Device ID: ROOT\MEDIA\MS_MMVID
Service: audstub
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft System Management BIOS Driver
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: Microsoft System Management BIOS Driver
PNP Device ID: ROOT\SYSTEM\0002
Service: mssmbios
==== System Restore Points ===================
RP306: 8/30/2010 2:39:22 PM - System Checkpoint
RP307: 8/31/2010 3:01:44 PM - System Checkpoint
RP308: 9/2/2010 5:53:49 PM - System Checkpoint
RP309: 9/7/2010 11:24:23 AM - System Checkpoint
RP310: 9/9/2010 12:59:43 PM - System Checkpoint
RP311: 9/10/2010 6:58:17 PM - System Checkpoint
RP312: 9/13/2010 10:45:57 AM - System Checkpoint
RP313: 9/14/2010 2:03:54 PM - System Checkpoint
RP314: 9/16/2010 12:40:47 PM - System Checkpoint
RP315: 9/20/2010 5:00:00 PM - System Checkpoint
RP316: 9/21/2010 5:11:44 PM - System Checkpoint
RP317: 9/28/2010 10:42:15 AM - System Checkpoint
RP318: 9/30/2010 5:58:52 PM - System Checkpoint
RP319: 10/4/2010 5:31:07 PM - System Checkpoint
RP320: 10/12/2010 2:23:18 PM - Configured 2007 Microsoft Office system
RP321: 10/13/2010 9:33:39 AM - Removed Ad-Aware
RP322: 10/13/2010 2:13:33 PM - Restore Operation
RP323: 10/13/2010 2:28:46 PM - Removed Ad-Aware
RP324: 10/18/2010 11:29:30 AM - System Checkpoint
RP325: 11/8/2010 12:37:13 PM - System Checkpoint
RP326: 11/9/2010 3:07:23 PM - System Checkpoint
RP327: 11/11/2010 9:26:02 AM - System Checkpoint
RP328: 11/15/2010 2:53:58 PM - System Checkpoint
RP329: 11/16/2010 3:02:25 PM - System Checkpoint
RP330: 11/18/2010 10:42:14 AM - System Checkpoint
RP331: 11/22/2010 3:14:07 PM - System Checkpoint
RP332: 11/23/2010 3:57:19 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
ATI Catalyst Control Center
ATI Display Driver
Bluetooth Stack for Windows by Toshiba
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
Foxit Reader
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo WinDVD for TOSHIBA
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Kyocera FS-C1020MFP Twain
Kyocera Product Library
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NICI (Shared) U.S./Worldwide (128 bit) (2.6.6-1)
OGA Notifier 2.0.0048.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skins
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Zooming Utility
Ultra Defragmenter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
11/24/2010 12:17:54 PM, error: Dhcp [1002] - The IP address lease 192.168.10.148 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/24/2010 1:23:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/24/2010 1:08:28 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/23/2010 2:51:45 PM, error: Dhcp [1002] - The IP address lease 192.168.2.34 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
11/23/2010 2:50:40 PM, error: Dhcp [1002] - The IP address lease 192.168.10.148 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/23/2010 12:42:15 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/23/2010 12:42:15 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/18/2010 10:43:19 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AD due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
==== End Of File ===========================
Thanks in advance for your help!
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5184
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/24/2010 1:07:20 PM
mbam-log-2010-11-24 (13-07-20).txt
Scan type: Quick scan
Objects scanned: 163923
Time elapsed: 8 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\kmiller\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-24 13:25:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK1246GSX rev.LB213M
Running: ftob31p1.exe; Driver: C:\DOCUME~1\KENMIL~1\LOCALS~1\Temp\kxddqpob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 234441392 (+254): rootkit-like behavior;
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DBC9A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9DBC940]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9DBC954]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DBC9BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DBC9E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9DBCA54]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9DBCA3E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9DBCA6A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DBCAFE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9DBCA96]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DBC992]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DBC904]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DBC918]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9DBCAD2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9DBCA28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9DBCA12]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DBC9D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9DBCABE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9DBCAAA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9DBC97E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9DBC96A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DBC9FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DBCB2D]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9DBCA80]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DBCB14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DBCAE8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A606AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 8A606AEA
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213M__#5&22499e11&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS.txt:
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ken Miller at 13:32:30.34 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1374 [GMT -5:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ken Miller\Application Data\U3\00001680D773D557\LaunchPad.exe
C:\Documents and Settings\Ken Miller\Desktop\logs\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://msn.com
mDefault_Search_URL = hxxp://msn.com
mSearch Page = hxxp://google.com
mStart Page = hxxp://msn.com
uInternet Settings,ProxyServer = jal.lmf.net:8013
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kenmil~1\applic~1\mozilla\firefox\profiles\i90y8dfj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.ftp - jal.lmf.net
FF - prefs.js: network.proxy.ftp_port - 8013
FF - prefs.js: network.proxy.gopher - jal.lmf.net
FF - prefs.js: network.proxy.gopher_port - 8013
FF - prefs.js: network.proxy.http - jal.lmf.net
FF - prefs.js: network.proxy.http_port - 8013
FF - prefs.js: network.proxy.socks - jal.lmf.net
FF - prefs.js: network.proxy.socks_port - 8013
FF - prefs.js: network.proxy.ssl - jal.lmf.net
FF - prefs.js: network.proxy.ssl_port - 8013
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {033D3051-0DA4-4AA6-9A8E-86651C3568CF} - c:\documents and settings\ken miller\local settings\application data\{033D3051-0DA4-4AA6-9A8E-86651C3568CF}
FF - HiddenExtension: XULRunner: {40C0C7D2-D432-4459-9AD3-75ABCC68B95C} - c:\documents and settings\ken miller\local settings\application data\{40C0C7D2-D432-4459-9AD3-75ABCC68B95C}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-21 344712]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-12-12 69192]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-10-5 5888]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-21 91896]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-21 43192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-12-12 66536]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-8-3 50704]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\up_date\pedrv.sys --> c:\sysprep\up_date\PEDrv.sys [?]
=============== Created Last 30 ================
2010-11-24 17:45:14 -------- d-----w- c:\windows\system32\wbem\Logs
2010-10-26 19:07:50 -------- d-----w- C:\Microsoft
==================== Find3M ====================
2010-09-24 07:49:12 8704 ----a-w- c:\windows\system32\bootexctrl.exe
2010-09-24 07:49:04 11776 ----a-w- c:\windows\system32\wgx.dll
2010-09-24 07:49:02 24576 ----a-w- c:\windows\system32\udefrag.exe
2010-09-24 07:49:00 14848 ----a-w- c:\windows\system32\lua5.1a_gui.exe
2010-09-24 07:49:00 10752 ----a-w- c:\windows\system32\lua5.1a.exe
2010-09-24 07:48:58 92160 ----a-w- c:\windows\system32\lua5.1a.dll
2010-09-24 07:48:52 8192 ----a-w- c:\windows\system32\udefrag.dll
2010-09-24 07:48:52 6144 ----a-w- c:\windows\system32\hibernate4win.exe
2010-09-24 07:48:50 48640 ----a-w- c:\windows\system32\udefrag-kernel.dll
2010-09-24 07:48:46 47104 ----a-w- c:\windows\system32\zenwinx.dll
2010-09-24 07:48:40 88064 ----a-w- c:\windows\system32\defrag_native.exe
2010-08-30 14:12:04 0 ----a-w- c:\windows\Qgicigobab.bin
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1246GSX rev.LB213M -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A606EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88be4872; SUB DWORD [EBP-0x4], 0x88be412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A801AB8]
3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x8A7C2E98]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A864940]
[0x8A72B7D0] -> IRP_MJ_CREATE -> 0x8A606EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1246GSX_______________________LB213M__#5&22499e11&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A606AEA
user & kernel MBR OK
sectors 234441646 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 13:34:02.61 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2008 12:39:47 PM
System Uptime: 11/24/2010 1:07:55 PM (0 hours ago)
Motherboard: ATI | | SB600
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 1995/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 103 GiB total, 78.309 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\SYN1909\4&839A984&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\SYN1909\4&839A984&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\33327EA580D1E
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\33327EA580D1E
Service: NIC1394
Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\1
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\1
Service: CmBatt
Class GUID: {72631E54-78A4-11D0-BCF7-00AA00B7B32A}
Description: Microsoft AC Adapter
Device ID: ACPI\ACPI0003\2&DABA3FF&0
Manufacturer: Microsoft
Name: Microsoft AC Adapter
PNP Device ID: ACPI\ACPI0003\2&DABA3FF&0
Service: CmBatt
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Audio Codecs
Device ID: ROOT\MEDIA\MS_MMACM
Manufacturer: (Standard system devices)
Name: Audio Codecs
PNP Device ID: ROOT\MEDIA\MS_MMACM
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Audio Drivers
Device ID: ROOT\MEDIA\MS_MMDRV
Manufacturer: (Standard system devices)
Name: Legacy Audio Drivers
PNP Device ID: ROOT\MEDIA\MS_MMDRV
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Media Control Devices
Device ID: ROOT\MEDIA\MS_MMMCI
Manufacturer: (Standard system devices)
Name: Media Control Devices
PNP Device ID: ROOT\MEDIA\MS_MMMCI
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Video Capture Devices
Device ID: ROOT\MEDIA\MS_MMVCD
Manufacturer: (Standard system devices)
Name: Legacy Video Capture Devices
PNP Device ID: ROOT\MEDIA\MS_MMVCD
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Video Codecs
Device ID: ROOT\MEDIA\MS_MMVID
Manufacturer: (Standard system devices)
Name: Video Codecs
PNP Device ID: ROOT\MEDIA\MS_MMVID
Service: audstub
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft System Management BIOS Driver
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: Microsoft System Management BIOS Driver
PNP Device ID: ROOT\SYSTEM\0002
Service: mssmbios
==== System Restore Points ===================
RP306: 8/30/2010 2:39:22 PM - System Checkpoint
RP307: 8/31/2010 3:01:44 PM - System Checkpoint
RP308: 9/2/2010 5:53:49 PM - System Checkpoint
RP309: 9/7/2010 11:24:23 AM - System Checkpoint
RP310: 9/9/2010 12:59:43 PM - System Checkpoint
RP311: 9/10/2010 6:58:17 PM - System Checkpoint
RP312: 9/13/2010 10:45:57 AM - System Checkpoint
RP313: 9/14/2010 2:03:54 PM - System Checkpoint
RP314: 9/16/2010 12:40:47 PM - System Checkpoint
RP315: 9/20/2010 5:00:00 PM - System Checkpoint
RP316: 9/21/2010 5:11:44 PM - System Checkpoint
RP317: 9/28/2010 10:42:15 AM - System Checkpoint
RP318: 9/30/2010 5:58:52 PM - System Checkpoint
RP319: 10/4/2010 5:31:07 PM - System Checkpoint
RP320: 10/12/2010 2:23:18 PM - Configured 2007 Microsoft Office system
RP321: 10/13/2010 9:33:39 AM - Removed Ad-Aware
RP322: 10/13/2010 2:13:33 PM - Restore Operation
RP323: 10/13/2010 2:28:46 PM - Removed Ad-Aware
RP324: 10/18/2010 11:29:30 AM - System Checkpoint
RP325: 11/8/2010 12:37:13 PM - System Checkpoint
RP326: 11/9/2010 3:07:23 PM - System Checkpoint
RP327: 11/11/2010 9:26:02 AM - System Checkpoint
RP328: 11/15/2010 2:53:58 PM - System Checkpoint
RP329: 11/16/2010 3:02:25 PM - System Checkpoint
RP330: 11/18/2010 10:42:14 AM - System Checkpoint
RP331: 11/22/2010 3:14:07 PM - System Checkpoint
RP332: 11/23/2010 3:57:19 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
ATI Catalyst Control Center
ATI Display Driver
Bluetooth Stack for Windows by Toshiba
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
Foxit Reader
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo WinDVD for TOSHIBA
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Kyocera FS-C1020MFP Twain
Kyocera Product Library
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NICI (Shared) U.S./Worldwide (128 bit) (2.6.6-1)
OGA Notifier 2.0.0048.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skins
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Zooming Utility
Ultra Defragmenter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
11/24/2010 12:17:54 PM, error: Dhcp [1002] - The IP address lease 192.168.10.148 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/24/2010 1:23:57 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/24/2010 1:08:28 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/23/2010 2:51:45 PM, error: Dhcp [1002] - The IP address lease 192.168.2.34 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
11/23/2010 2:50:40 PM, error: Dhcp [1002] - The IP address lease 192.168.10.148 for the Network Card with network address 001B9EB757A5 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/23/2010 12:42:15 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/23/2010 12:42:15 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/18/2010 10:43:19 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AD due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
==== End Of File ===========================