Good Day,
First off, thank you for this forum. I have followed the step-by-step directions as well as I was able (DDS would only run in safe mode), and I've provided the results below. Before finding this forum, I was trying to fix problems one at a time, which included removing the files and folders "hidden" and "read-only" attributes from the C: drive (via Properties, not attrib). I was also, rather randomly, running scans and whatnot, one of which identified MEM: Rootkit.Win32.TDSS.fa as well as others.
After completing Malwarebytes' scan and the other suggested scans, all scans are now indicating no infections found, but performance is still poor and several programs are showing erratic behavior such as not allowing a mouse click on active buttons within the program (Speed Up My PC and Stopzilla both display this behavior for instance). Please take a look and thanks in advance.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6325
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
4/10/2011 10:29:22 AM
mbam-log-2011-04-10 (10-29-22).txt
Scan type: Quick scan
Objects scanned: 164467
Time elapsed: 2 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Owner\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Owner\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
-------------------------------------
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-10 11:19:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080P0 rev.YAR41BW0
Running: du5wfk5c.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxliapog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2009 5:21:11 PM
System Uptime: 4/10/2011 10:36:17 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2524/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 76 GiB total, 36.714 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 400.98 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP446: 3/16/2011 11:49:18 PM - System Checkpoint
RP447: 3/17/2011 3:00:18 AM - Software Distribution Service 3.0
RP448: 3/18/2011 3:53:53 AM - System Checkpoint
RP449: 3/19/2011 4:53:53 AM - System Checkpoint
RP450: 3/19/2011 5:28:53 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP451: 3/20/2011 3:00:20 AM - Software Distribution Service 3.0
RP452: 3/21/2011 3:00:21 AM - Software Distribution Service 3.0
RP453: 3/21/2011 3:27:53 AM - Printer Driver Microsoft XPS Document Writer Installed
RP454: 3/22/2011 3:00:20 AM - Software Distribution Service 3.0
RP455: 3/23/2011 3:56:07 AM - System Checkpoint
RP456: 3/24/2011 3:00:19 AM - Software Distribution Service 3.0
RP457: 3/25/2011 3:56:12 AM - System Checkpoint
RP458: 3/26/2011 10:50:39 AM - System Checkpoint
RP459: 3/27/2011 11:13:28 AM - System Checkpoint
RP460: 3/28/2011 12:13:28 PM - System Checkpoint
RP461: 3/29/2011 1:13:27 PM - System Checkpoint
RP462: 3/31/2011 8:33:59 AM - System Checkpoint
RP463: 4/1/2011 1:21:49 PM - System Checkpoint
RP464: 4/2/2011 1:56:30 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Airlink101 WLAN Monitor
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo WinOptimizer 2010 Advanced
Ask Toolbar
BCM V.92 56K Modem
Bonjour
Broadcom 440x 10/100 Integrated Controller
Comcast Desktop Software (v1.2.0.9)
FrostWire 4.21.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Memeo Instant Backup
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.5.17)
Norton Security Scan
Plants vs. Zombies
QuickTime
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 5.0
SoundMAX
Spinco Download Manager
STOPzilla
Symphonie Data Retriever (remove only)
Thoosje Sevenbar
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 12:38:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde
4/8/2011 7:42:12 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/6/2011 7:29:57 PM, error: Service Control Manager [7023] - The MicroSoft License Access service terminated with the following error: The system cannot find the file specified.
4/6/2011 7:29:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/4/2011 5:52:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2011 5:51:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/4/2011 5:50:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/4/2011 5:50:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT PCIIde RasAcd Rdbss Tcpip
4/4/2011 5:50:45 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:49:38 PM, error: SRService [104] - The System Restore initialization process failed.
4/4/2011 12:34:33 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/4/2011 12:24:32 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/3/2011 9:42:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/3/2011 9:20:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/3/2011 5:54:04 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/3/2011 3:21:53 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/10/2011 10:23:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Admin at 10:57:21.53 on Sun 04/10/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.289 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Ycunojotohu] rundll32.exe "c:\windows\evipiqowaliy.dll",Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262137280140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\xw5jmrkq.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {FB4B11E8-5B66-4F74-AA93-B0453D5B5B66} - c:\documents and settings\owner\local settings\application data\{FB4B11E8-5B66-4F74-AA93-B0453D5B5B66}
FF - Ext: XULRunner: {D01ADEA2-8562-4344-8489-CBE1DCD4B9B9} - c:\documents and settings\admin\local settings\application data\{D01ADEA2-8562-4344-8489-CBE1DCD4B9B9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-1-13 590080]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
S2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\sprtsvc.exe [2010-6-17 206120]
S2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\tgsrvc.exe [2010-6-17 185640]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-3-16 406016]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
.
=============== Created Last 30 ================
.
2011-04-10 17:25:07 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2011-04-10 17:25:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 17:25:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-10 17:24:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 17:24:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 00:35:19 -------- d-----w- c:\program files\STOPzilla!
2011-04-09 00:35:18 -------- d-----w- c:\program files\common files\iS3
2011-04-06 21:47:36 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-06 21:47:36 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-06 21:47:36 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-06 21:47:34 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-06 21:47:34 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-06 21:47:34 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-06 21:47:32 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-06 21:47:32 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-06 21:47:32 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-06 21:47:32 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-06 21:47:32 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-06 21:47:30 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-04-04 00:34:49 -------- d-----we c:\documents and settings\all users\AVP11
2011-04-03 19:17:59 -------- d-----w- c:\program files\AVAST Software
2011-04-03 19:17:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-03 16:34:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-03 15:57:40 -------- d-----w- c:\docume~1\admin\applic~1\Seagate
2011-04-03 15:57:40 -------- d-----w- c:\docume~1\admin\applic~1\Memeo
2011-04-03 15:57:37 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\{D01ADEA2-8562-4344-8489-CBE1DCD4B9B9}
2011-04-03 05:49:16 -------- d-----w- C:\Windows Repair
2011-04-03 04:56:11 0 ----a-w- c:\windows\Pboti.bin
2011-03-21 10:02:54 -------- d--h--w- c:\windows\system32\XPSViewer
2011-03-21 10:02:16 89088 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-21 10:01:55 89088 -c-h--w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-21 10:01:55 597504 -c-h--w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-21 10:01:55 597504 ---h--w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-21 10:01:55 575488 -c-h--w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-21 10:01:55 575488 ---h--w- c:\windows\system32\xpsshhdr.dll
2011-03-21 10:01:55 117760 ---h--w- c:\windows\system32\prntvpt.dll
2011-03-21 10:01:54 1676288 -c-h--w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-21 10:01:54 1676288 ---h--w- c:\windows\system32\xpssvcs.dll
2011-03-20 00:44:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
2011-03-20 00:33:18 -------- d-----w- c:\program files\common files\Memeo
2011-03-20 00:33:09 -------- d-----w- c:\program files\Memeo
2011-03-20 00:28:37 -------- d-----w- c:\program files\Seagate
2011-03-19 19:46:14 -------- d-----w- c:\program files\iPod
2011-03-17 06:04:15 28160 ---ha-w- c:\windows\system32\DfSdkBt.exe
2011-03-17 06:04:08 -------- d-----w- c:\program files\Ashampoo
2011-03-17 02:09:28 -------- d--h--w- c:\windows\system32\NtmsData
2011-03-17 02:05:08 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Mozilla
2011-03-14 06:39:43 16928 ---h--w- c:\windows\system32\spmsgXP_2k3.dll
2011-03-14 06:38:28 -------- d--h--w- c:\windows\system32\pt-PT
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\pt-BR
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\nl-NL
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\it-IT
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\fr-FR
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\es-ES
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\de-DE
.
==================== Find3M ====================
.
2011-02-18 23:36:58 4184352 ---ha-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 10:57:50.59 ===============
RP454: 3/22/2011 3:00:20 AM - Software Distribution Service 3.0
RP455: 3/23/2011 3:56:07 AM - System Checkpoint
RP456: 3/24/2011 3:00:19 AM - Software Distribution Service 3.0
RP457: 3/25/2011 3:56:12 AM - System Checkpoint
RP458: 3/26/2011 10:50:39 AM - System Checkpoint
RP459: 3/27/2011 11:13:28 AM - System Checkpoint
RP460: 3/28/2011 12:13:28 PM - System Checkpoint
RP461: 3/29/2011 1:13:27 PM - System Checkpoint
RP462: 3/31/2011 8:33:59 AM - System Checkpoint
RP463: 4/1/2011 1:21:49 PM - System Checkpoint
RP464: 4/2/2011 1:56:30 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Airlink101 WLAN Monitor
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo WinOptimizer 2010 Advanced
Ask Toolbar
BCM V.92 56K Modem
Bonjour
Broadcom 440x 10/100 Integrated Controller
Comcast Desktop Software (v1.2.0.9)
FrostWire 4.21.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Memeo Instant Backup
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.5.17)
Norton Security Scan
Plants vs. Zombies
QuickTime
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 5.0
SoundMAX
Spinco Download Manager
STOPzilla
Symphonie Data Retriever (remove only)
Thoosje Sevenbar
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 12:38:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde
4/8/2011 7:42:12 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/6/2011 7:29:57 PM, error: Service Control Manager [7023] - The MicroSoft License Access service terminated with the following error: The system cannot find the file specified.
4/6/2011 7:29:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/4/2011 5:52:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2011 5:51:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/4/2011 5:50:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/4/2011 5:50:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT PCIIde RasAcd Rdbss Tcpip
4/4/2011 5:50:45 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:50:45 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2011 5:49:38 PM, error: SRService [104] - The System Restore initialization process failed.
4/4/2011 12:34:33 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/4/2011 12:24:32 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/3/2011 9:42:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/3/2011 9:20:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/3/2011 5:54:04 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/3/2011 3:21:53 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/10/2011 10:23:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Admin at 10:57:21.53 on Sun 04/10/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.289 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Ycunojotohu] rundll32.exe "c:\windows\evipiqowaliy.dll",Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262137280140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: TPSvc - TPSvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\xw5jmrkq.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {FB4B11E8-5B66-4F74-AA93-B0453D5B5B66} - c:\documents and settings\owner\local settings\application data\{FB4B11E8-5B66-4F74-AA93-B0453D5B5B66}
FF - Ext: XULRunner: {D01ADEA2-8562-4344-8489-CBE1DCD4B9B9} - c:\documents and settings\admin\local settings\application data\{D01ADEA2-8562-4344-8489-CBE1DCD4B9B9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-1-13 590080]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
S2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\sprtsvc.exe [2010-6-17 206120]
S2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\tgsrvc.exe [2010-6-17 185640]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-3-16 406016]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
.
=============== Created Last 30 ================
.
2011-04-10 17:25:07 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2011-04-10 17:25:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 17:25:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-10 17:24:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 17:24:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 00:35:19 -------- d-----w- c:\program files\STOPzilla!
2011-04-09 00:35:18 -------- d-----w- c:\program files\common files\iS3
2011-04-06 21:47:36 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-06 21:47:36 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-06 21:47:36 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-06 21:47:34 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-06 21:47:34 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-06 21:47:34 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-06 21:47:32 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-06 21:47:32 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-06 21:47:32 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-06 21:47:32 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-06 21:47:32 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-06 21:47:30 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-04-04 00:34:49 -------- d-----we c:\documents and settings\all users\AVP11
2011-04-03 19:17:59 -------- d-----w- c:\program files\AVAST Software
2011-04-03 19:17:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-03 16:34:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-03 15:57:40 -------- d-----w- c:\docume~1\admin\applic~1\Seagate
2011-04-03 15:57:40 -------- d-----w- c:\docume~1\admin\applic~1\Memeo
2011-04-03 15:57:37 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\{D01ADEA2-8562-4344-8489-CBE1DCD4B9B9}
2011-04-03 05:49:16 -------- d-----w- C:\Windows Repair
2011-04-03 04:56:11 0 ----a-w- c:\windows\Pboti.bin
2011-03-21 10:02:54 -------- d--h--w- c:\windows\system32\XPSViewer
2011-03-21 10:02:16 89088 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-21 10:01:55 89088 -c-h--w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-21 10:01:55 597504 -c-h--w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-21 10:01:55 597504 ---h--w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-21 10:01:55 575488 -c-h--w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-21 10:01:55 575488 ---h--w- c:\windows\system32\xpsshhdr.dll
2011-03-21 10:01:55 117760 ---h--w- c:\windows\system32\prntvpt.dll
2011-03-21 10:01:54 1676288 -c-h--w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-21 10:01:54 1676288 ---h--w- c:\windows\system32\xpssvcs.dll
2011-03-20 00:44:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
2011-03-20 00:33:18 -------- d-----w- c:\program files\common files\Memeo
2011-03-20 00:33:09 -------- d-----w- c:\program files\Memeo
2011-03-20 00:28:37 -------- d-----w- c:\program files\Seagate
2011-03-19 19:46:14 -------- d-----w- c:\program files\iPod
2011-03-17 06:04:15 28160 ---ha-w- c:\windows\system32\DfSdkBt.exe
2011-03-17 06:04:08 -------- d-----w- c:\program files\Ashampoo
2011-03-17 02:09:28 -------- d--h--w- c:\windows\system32\NtmsData
2011-03-17 02:05:08 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Mozilla
2011-03-14 06:39:43 16928 ---h--w- c:\windows\system32\spmsgXP_2k3.dll
2011-03-14 06:38:28 -------- d--h--w- c:\windows\system32\pt-PT
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\pt-BR
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\nl-NL
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\it-IT
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\fr-FR
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\es-ES
2011-03-14 06:38:27 -------- d--h--w- c:\windows\system32\de-DE
.
==================== Find3M ====================
.
2011-02-18 23:36:58 4184352 ---ha-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 10:57:50.59 ===============