misterrmac
I’m trying to clean the system of a family member. I have already spent a few hours removing a few different things, from browser search redirects to XP Protection 2012. Each time I thought I had it all, something else would appear and be reported. I finally tracked things down to PING.EXE continuously running in the task manager. Killing the task does not help; it just starts again within a few minutes. From time to time I get AVG reports that it is accessing some random location trying to download a suspicious or infected file. An advanced Task Manager shows it pinging places all over the world. Since I have no idea what is attached to the PING, I’m lost now and turn to here for help.
Below are all the log files as requested.
Note: MBAM crashed about 15 mins into its scan. I reran the scan. No log file was generated on the first scan attempt.
*************************************************************************************
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8285
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/1/2011 11:07:23 AM
mbam-log-2011-12-01 (11-07-23).txt
Scan type: Quick scan
Objects scanned: 229211
Time elapsed: 7 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Rogue.PrvacyProtect) -> Value: Privacy Protection -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Tom-\Local Settings\Application Data\dwn.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Tom-\Local Settings\Application Data\dwn.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\RECYCLER\s-1-5-21-1292428093-1078145449-725345543-500\Dc1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
***********************************************************
***********************************************************
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-01 11:16:13
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-1d WDC_WD3200JS-22PDB0 rev.21.00M21
Running: g6kqunkk.exe; Driver: C:\DOCUME~1\Sherry\LOCALS~1\Temp\ugtdipow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
*********************************************************
*********************************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sherry at 11:19:54 on 2011-12-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2462 [GMT -5:00]
.
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/?ref=hp
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.1\ahoi\ah_ie_bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoomText] "c:\program files\zoomtext 9.1\ZT.exe" /AUTOSTART
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242326554015
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: sqlesw32 - sqlesw32.dll
Notify: Sqlseses - sqlesw32.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-6 52872]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2009-6-3 7296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-22 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 151552]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-20 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-6-9 100456]
S2 gupdate1c9e47bb46ad882;Google Update Service (gupdate1c9e47bb46ad882);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\system32\svchost.exe -k Sqlses [2002-8-29 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2009-9-10 196409]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-11-29 02:12:44 -------- d-----w- c:\program files\Innovative Solutions
2011-11-29 01:42:45 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-11-29 00:54:21 -------- d-----w- c:\documents and settings\sherry\local settings\application data\PackageAware
2011-11-29 00:15:39 540 ----a-w- C:\regkeys.reg
2011-11-28 23:56:14 -------- d-----w- c:\documents and settings\sherry\local settings\application data\AVG Security Toolbar
2011-11-22 12:24:32 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-11-22 12:24:32 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-11-22 12:24:32 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-11-22 12:24:29 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-11-15 17:18:45 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-11-15 17:18:45 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-17 01:28:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-09-05 17:05:00 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-09-05 17:04:58 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-01-24 01:03:07 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2009-05-26 22:12:00 4045736 ----a-w- c:\program files\ventrilo-3.0.5-Windows-9x.exe
2008-06-01 16:56:15 602243712 ----a-w- c:\program files\sr-ccmt1.bin
1999-06-25 14:55:30 149504 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 11:20:49.23 ===============
*************************************************************************
*************************************************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2009 2:22:23 PM
System Uptime: 12/1/2011 11:08:42 AM (0 hours ago)
.
Motherboard: ELITEGROUP | | MCP61P
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2611/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 24.529 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 64.806 GiB free.
E: is FIXED (NTFS) - 99 GiB total, 84.025 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_26011019&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_26011019&REV_A2\3&2411E6FE&0&09
Service:
.
==== System Restore Points ===================
.
RP905: 9/2/2011 5:03:12 PM - System Checkpoint
RP906: 9/5/2011 5:43:27 PM - System Checkpoint
RP907: 9/6/2011 6:06:33 PM - System Checkpoint
RP908: 9/7/2011 6:31:24 PM - System Checkpoint
RP909: 9/8/2011 3:00:15 AM - Software Distribution Service 3.0
RP910: 9/9/2011 3:22:48 AM - System Checkpoint
RP911: 9/10/2011 4:21:43 AM - System Checkpoint
RP912: 9/11/2011 5:21:43 AM - System Checkpoint
RP913: 9/12/2011 6:21:43 AM - System Checkpoint
RP914: 9/13/2011 7:21:42 AM - System Checkpoint
RP915: 9/13/2011 8:05:40 AM - Avg Update
RP916: 9/13/2011 8:06:04 AM - Avg Update
RP917: 9/14/2011 8:39:36 AM - System Checkpoint
RP918: 9/15/2011 9:21:37 AM - System Checkpoint
RP919: 9/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP920: 9/17/2011 3:24:00 AM - System Checkpoint
RP921: 9/18/2011 4:24:00 AM - System Checkpoint
RP922: 9/19/2011 5:24:00 AM - System Checkpoint
RP923: 9/20/2011 6:24:00 AM - System Checkpoint
RP924: 9/21/2011 7:24:00 AM - System Checkpoint
RP925: 9/22/2011 8:24:57 AM - System Checkpoint
RP926: 9/23/2011 10:33:44 AM - System Checkpoint
RP927: 9/24/2011 11:24:55 AM - System Checkpoint
RP928: 9/25/2011 11:43:35 AM - System Checkpoint
RP929: 9/26/2011 11:59:47 AM - System Checkpoint
RP930: 9/27/2011 12:48:27 PM - System Checkpoint
RP931: 9/28/2011 3:00:17 AM - Software Distribution Service 3.0
RP932: 9/29/2011 3:23:40 AM - System Checkpoint
RP933: 9/30/2011 4:23:37 AM - System Checkpoint
RP934: 10/1/2011 5:23:35 AM - System Checkpoint
RP935: 10/2/2011 6:23:37 AM - System Checkpoint
RP936: 10/3/2011 7:23:37 AM - System Checkpoint
RP937: 10/4/2011 8:23:45 AM - System Checkpoint
RP938: 10/5/2011 9:23:35 AM - System Checkpoint
RP939: 10/6/2011 9:49:39 AM - System Checkpoint
RP940: 10/8/2011 5:07:52 PM - System Checkpoint
RP941: 10/9/2011 5:23:36 PM - System Checkpoint
RP942: 10/10/2011 11:39:58 PM - System Checkpoint
RP943: 10/11/2011 3:56:49 PM - Avg Update
RP944: 10/13/2011 3:00:18 AM - Software Distribution Service 3.0
RP945: 10/14/2011 3:29:08 AM - System Checkpoint
RP946: 10/15/2011 3:53:28 AM - System Checkpoint
RP947: 10/16/2011 4:33:37 AM - System Checkpoint
RP948: 10/17/2011 4:33:51 AM - System Checkpoint
RP949: 10/18/2011 5:33:28 AM - System Checkpoint
RP950: 10/19/2011 1:41:42 PM - System Checkpoint
RP951: 10/20/2011 2:11:29 PM - System Checkpoint
RP952: 10/21/2011 2:34:33 PM - System Checkpoint
RP953: 10/22/2011 3:07:05 PM - System Checkpoint
RP954: 10/23/2011 3:34:32 PM - System Checkpoint
RP955: 10/24/2011 9:02:59 AM - Avg Update
RP956: 10/25/2011 10:44:20 AM - System Checkpoint
RP957: 10/26/2011 11:52:39 AM - System Checkpoint
RP958: 10/27/2011 12:09:27 PM - System Checkpoint
RP959: 10/28/2011 2:46:33 PM - System Checkpoint
RP960: 10/29/2011 4:12:00 PM - System Checkpoint
RP961: 10/30/2011 8:41:49 PM - System Checkpoint
RP962: 11/1/2011 10:01:45 AM - System Checkpoint
RP963: 11/2/2011 12:49:47 PM - System Checkpoint
RP964: 11/3/2011 1:12:23 PM - System Checkpoint
RP965: 11/4/2011 1:31:20 PM - System Checkpoint
RP966: 11/5/2011 3:42:33 PM - System Checkpoint
RP967: 11/6/2011 7:06:52 PM - System Checkpoint
RP968: 11/7/2011 9:35:10 PM - System Checkpoint
RP969: 11/15/2011 12:44:04 PM - System Checkpoint
RP970: 11/16/2011 3:00:18 AM - Software Distribution Service 3.0
RP971: 11/17/2011 9:49:27 AM - System Checkpoint
RP972: 11/18/2011 10:06:02 AM - System Checkpoint
RP973: 11/19/2011 10:35:29 AM - System Checkpoint
RP974: 11/20/2011 11:03:19 AM - System Checkpoint
RP975: 11/21/2011 11:15:54 AM - System Checkpoint
RP976: 11/22/2011 3:41:40 PM - System Checkpoint
RP977: 11/23/2011 9:03:59 AM - Avg Update
RP978: 11/24/2011 9:12:21 AM - System Checkpoint
RP979: 11/25/2011 9:55:47 AM - System Checkpoint
RP980: 11/26/2011 10:03:59 AM - System Checkpoint
RP981: 11/27/2011 10:12:11 AM - System Checkpoint
RP982: 11/27/2011 4:22:21 PM - Restore Operation
RP983: 11/27/2011 4:27:49 PM - Restore Operation
RP984: 11/28/2011 6:32:30 PM - System Checkpoint
RP985: 11/28/2011 7:22:57 PM - Restore Operation
RP986: 11/28/2011 7:34:15 PM - Removed Nuance PDF Reader.
RP987: 11/28/2011 7:34:58 PM - Removed YouTube Downloader Toolbar v4.7.
RP988: 11/28/2011 7:54:59 PM - Removed Java(TM) 6 Update 26
RP989: 11/30/2011 11:29:51 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat 4.0
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe Widget Browser
Advanced Task Manager for Windows Vista & Windows XP
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 9.0
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Battlefield 2(TM)
BitTorrent
CCV Patch 501a
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Critical Update for Windows Media Player 11 (KB959772)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Facebook Video Calling 1.0.0.8953
GIMP 2.6.6
Google Earth
Google SketchUp Pro 7
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp officejet v series
IHA_MessageCenter
Intuit SiteBuilder
IrfanView (remove only)
iTunes
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Control Panel 266.33
NVIDIA Graphics Driver 266.33
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OGA Notifier 2.0.0048.0
PDF Settings CS5
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SHOUTcast Source DSP 1.9.1 (remove only)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
StreamTorrent 1.0
Trojan Killer 2.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Verizon Help and Support Tool
Viewpoint Media Player
VLC media player 0.9.9
Vz In Home Agent
WD SmartWare
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows iLivid Toolbar
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wizard101
ZoomText 9.1
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 9:12:51 AM, error: Service Control Manager [7023] - The SQL Server EXPRESS service terminated with the following error: The specified module could not be found.
12/1/2011 10:31:27 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.25.3 (The DHCP Server sent a DHCPNACK message).
11/28/2011 9:14:58 PM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 9:11:07 PM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 7:35:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
11/28/2011 7:30:16 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
11/28/2011 7:28:31 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2011 7:13:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ai2sXP AmdPPM AvgLdx86 AvgMfx86 Fips NetworkX
11/28/2011 7:09:24 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2011 7:08:44 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:56:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:51:06 PM, error: Service Control Manager [7034] - The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:51:00 PM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:50:53 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:02:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/28/2011 5:43:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/28/2011 5:40:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Ai2sXP AmdPPM AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/28/2011 5:40:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2011 9:08:03 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/27/2011 5:08:56 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/27/2011 4:27:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service to connect.
11/27/2011 4:27:43 PM, error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2011 9:16:52 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SHOUTcast Source DSP 1.9.1 (remove only)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
StreamTorrent 1.0
Trojan Killer 2.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Verizon Help and Support Tool
Viewpoint Media Player
VLC media player 0.9.9
Vz In Home Agent
WD SmartWare
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows iLivid Toolbar
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wizard101
ZoomText 9.1
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 9:12:51 AM, error: Service Control Manager [7023] - The SQL Server EXPRESS service terminated with the following error: The specified module could not be found.
12/1/2011 10:31:27 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.25.3 (The DHCP Server sent a DHCPNACK message).
11/28/2011 9:14:58 PM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 9:11:07 PM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 7:35:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
11/28/2011 7:30:16 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
11/28/2011 7:28:31 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2011 7:13:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ai2sXP AmdPPM AvgLdx86 AvgMfx86 Fips NetworkX
11/28/2011 7:09:24 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2011 7:08:44 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:56:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:51:06 PM, error: Service Control Manager [7034] - The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:51:00 PM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:50:53 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2011 6:02:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/28/2011 5:43:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/28/2011 5:40:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Ai2sXP AmdPPM AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/28/2011 5:40:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/28/2011 5:40:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2011 9:08:03 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/27/2011 5:08:56 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/27/2011 4:27:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service to connect.
11/27/2011 4:27:43 PM, error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2011 9:16:52 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0050DA609EE2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================