plus recurring HTML script virus (Gerico.ffd) and WIN32 errors - help! Avira and Malwarebytes have quarantined numerous trojans and spyware, and one of the programs used in the 8-point checklist suggests a rootkit infection. The firewall automatically turns off and Internet Explorer closes after a few minutes of use.
Here are the logs from the downloaded programs; any help gratefully received:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-14 19:13:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 STM3250318AS rev.CC37
Running: dyn1rppi.exe; Driver: C:\DOCUME~1\Dan\LOCALS~1\Temp\kwroipob.sys
---- System - GMER 1.0.15 ----
SSDT spwt.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spwt.sys ZwEnumerateValueKey [0xB7ECE132]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A2B827F
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A2B827F
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A2B827F
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A2B827F
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a0ibbuzp \Device\Scsi\a0ibbuzp1Port3Path0Target1Lun0 8A0891F8
Device \Driver\a0ibbuzp \Device\Scsi\a0ibbuzp1 8A0891F8
Device \Driver\a0ibbuzp \Device\Scsi\a0ibbuzp1Port3Path0Target0Lun0 8A0891F8
Device \FileSystem\Ntfs \Ntfs 8A4121F8
AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys
Device \Device\Ide\IdeDeviceP1T1L0-e -> \??\IDE#DiskSTM3250318AS____________________________CC37____#5&18134b26&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
#######################
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6351
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/13/2011 5:15:41 PM
mbam-log-2011-04-13 (17-15-41).txt
Scan type: Quick scan
Objects scanned: 184340
Time elapsed: 3 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\winntse.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\ksdfghk.Bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Dan\local settings\Temp\0.5326623992007813.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Dan\local settings\Temp\jar_cache6136635655882958112.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.6587413872770643.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.9674578634173698.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\winntse.bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\ksdfghk.Bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6351
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/13/2011 6:21:28 PM
mbam-log-2011-04-13 (18-21-28).txt
Scan type: Full scan (C:\|)
Objects scanned: 268532
Time elapsed: 55 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\networkservice\application data\Sun\Java\deployment\cache\6.0\12\1e3ae18c-2bbcf9b9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\Sun\Java\deployment\cache\6.0\12\1e3ae18c-6c53a5b7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6351
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/14/2011 6:47:28 PM
mbam-log-2011-04-14 (18-47-28).txt
Scan type: Quick scan
Objects scanned: 181953
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\ksdfghk.Bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Files Infected:
c:\ksdfghk.Bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
#########################
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dan at 19:16:47.04 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dan\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\dan\desktop\PartyPoker.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E12A03E0-357A-4D08-9D38-720A10A03941} = 217.171.132.1 217.171.135.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-7 11608]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-8-11 2855440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-7 56816]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-9-27 1737464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-12 135664]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-8-11 73728]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-9-27 9216]
S3 U400bus;LGE U400 driver (WDM);c:\windows\system32\drivers\U400bus.sys [2010-8-27 61440]
S3 U400mdfl;LGE U400 USB WMC Modem Filter;c:\windows\system32\drivers\U400mdfl.sys [2010-8-27 9264]
S3 U400mdm;LGE U400 USB WMC Modem Driver;c:\windows\system32\drivers\U400mdm.sys [2010-8-27 96960]
S3 U400mgmt;LGE U400 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\U400mgmt.sys [2010-8-27 88528]
S3 U400obex;LGE U400 USB WMC OBEX Interface;c:\windows\system32\drivers\U400obex.sys [2010-8-27 86336]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]
.
=============== Created Last 30 ================
.
2011-04-13 21:39:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-13 21:39:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-13 16:10:06 -------- d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2011-04-13 16:10:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 16:10:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 16:09:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 16:09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 19:00:14 -------- d-----w- c:\program files\DivX
2011-04-07 18:57:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-24 23:17:09 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc48.tmp
.
==================== Find3M ====================
.
2011-01-24 20:00:48 1 ----a-w- c:\windows\system32\SI.bin
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: STM3250318AS rev.CC37 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T1L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2B8439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2be7d0]; MOV EAX, [0x8a2be84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A32FAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8A3319E8]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A357940]
\Driver\atapi[0x8A2D3A08] -> IRP_MJ_CREATE -> 0x8A2B8439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T1L0-e -> \??\IDE#DiskSTM3250318AS____________________________CC37____#5&18134b26&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2B827F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:17:52.35 ===============
##############
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2009 6:45:04 PM
System Uptime: 4/14/2011 7:00:17 PM (0 hours ago)
.
Motherboard: Foxconn | | G31MV/G31MV-K
Processor: Intel Pentium III Xeon processor | Socket 775 | 2599/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 173.592 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_0DF2105B&REV_01\4&2AD917F4&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_0DF2105B&REV_01\4&2AD917F4&0&00E1
Service: RTLE8023xp
.
==== System Restore Points ===================
.
RP383: 1/12/2011 8:30:52 PM - System Checkpoint
RP384: 1/12/2011 11:44:05 PM - Software Distribution Service 3.0
RP385: 1/14/2011 8:35:05 PM - System Checkpoint
RP386: 1/16/2011 5:53:16 PM - System Checkpoint
RP387: 1/17/2011 8:18:20 PM - System Checkpoint
RP388: 1/19/2011 9:48:51 PM - System Checkpoint
RP389: 1/20/2011 10:31:40 PM - System Checkpoint
RP390: 1/22/2011 7:15:04 PM - System Checkpoint
RP391: 1/23/2011 7:28:26 PM - System Checkpoint
RP392: 1/24/2011 8:01:22 PM - Installed Heroes of Might and Magic V
RP393: 1/25/2011 9:04:18 PM - System Checkpoint
RP394: 1/26/2011 11:32:43 PM - System Checkpoint
RP395: 1/28/2011 9:18:03 PM - System Checkpoint
RP396: 1/30/2011 12:46:01 AM - System Checkpoint
RP397: 2/4/2011 8:09:54 PM - System Checkpoint
RP398: 2/7/2011 8:12:59 PM - System Checkpoint
RP399: 2/9/2011 12:19:57 AM - Software Distribution Service 3.0
RP400: 2/10/2011 7:23:57 PM - System Checkpoint
RP401: 2/11/2011 9:24:03 PM - System Checkpoint
RP402: 2/13/2011 1:29:21 AM - System Checkpoint
RP403: 2/15/2011 4:31:02 PM - Removed SAGEM Wi-Fi 11g USB adapter LAN Utility
RP404: 2/16/2011 8:47:41 PM - System Checkpoint
RP405: 2/18/2011 2:12:40 AM - Software Distribution Service 3.0
RP406: 2/20/2011 10:23:35 PM - System Checkpoint
RP407: 2/24/2011 7:48:51 PM - System Checkpoint
RP408: 2/26/2011 4:11:50 PM - System Checkpoint
RP409: 2/26/2011 7:35:40 PM - Restore Operation
RP410: 3/3/2011 10:17:48 PM - Software Distribution Service 3.0
RP411: 3/5/2011 10:21:11 PM - System Checkpoint
RP412: 3/9/2011 8:30:07 PM - System Checkpoint
RP413: 3/9/2011 11:33:23 PM - Software Distribution Service 3.0
RP414: 3/11/2011 7:41:05 PM - System Checkpoint
RP415: 3/12/2011 10:08:28 PM - System Checkpoint
RP416: 3/14/2011 7:49:07 PM - System Checkpoint
RP417: 3/17/2011 8:47:35 PM - System Checkpoint
RP418: 3/20/2011 12:51:40 PM - System Checkpoint
RP419: 3/21/2011 9:08:11 PM - System Checkpoint
RP420: 3/24/2011 12:05:01 AM - Software Distribution Service 3.0
RP421: 3/24/2011 11:19:21 PM - Installed DirectX
RP422: 3/27/2011 7:15:01 PM - System Checkpoint
RP423: 3/28/2011 10:54:53 PM - System Checkpoint
RP424: 3/30/2011 5:24:13 PM - System Checkpoint
RP425: 3/31/2011 9:27:20 PM - System Checkpoint
RP426: 4/2/2011 7:50:31 PM - System Checkpoint
RP427: 4/5/2011 6:48:03 PM - System Checkpoint
RP428: 4/7/2011 7:24:02 PM - System Checkpoint
RP429: 4/9/2011 6:28:16 PM - System Checkpoint
RP430: 4/11/2011 8:17:47 PM - Restore Operation
RP431: 4/12/2011 6:05:17 PM - Restore Operation
RP432: 4/12/2011 8:09:31 PM - Removed Java(TM) 6 Update 17
RP433: 4/12/2011 8:23:21 PM - Installed Java(TM) 6 Update 24
RP434: 4/12/2011 11:06:16 PM - Restore Operation
RP435: 4/12/2011 11:08:14 PM - Restore Operation
RP436: 4/13/2011 7:25:26 PM - reg edit
RP437: 4/13/2011 9:13:20 PM - Removed PostgreSQL 8.3
RP438: 4/13/2011 10:36:56 PM - Restore Operation
.
==== Installed Programs ======================
.
3Connect
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Advanced Video FX Utility
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broken Sword Trilogy
Canon iP1900 series Printer Driver
Canon iP1900 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Celestia 1.6.0
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Creative WebCam Instant User's Guide (English)
Diablo II
DiRT2
EA SPORTS™ Rugby 08
Emsisoft Anti-Malware 5.0
Football Manager 2010
FOX ONE
Free M4a to MP3 Converter 6.2
Get Yahoo! Messenger
Google Update Helper
Heroes of Might and Magic V
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterActual Player
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
K-Lite Codec Pack 5.5.1 (Full)
LG PhoneManager
LG SyncManager
LG USB Modem driver-U400
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
PartyPoker
PKR
PokerStars
PokerTracker 3 (remove only)
PostgreSQL 8.3
PowerISO
Quick Startup 2.8.0.718
QuickTime
Rapture3D 2.3.22 Game
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SightSpeed
Spotify
System Requirements Lab
Unreal Tournament 2003
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WebCam Instant Product Registration
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
World Championship Snooker 2004
XP Codec Pack
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
4/14/2011 7:09:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
4/14/2011 6:37:37 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 6:37:37 PM, error: Service Control Manager [7034] - The BecHelperService service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 6:37:36 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 6:37:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2011 6:44:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu sptd ssmdrv Tcpip
4/13/2011 6:44:54 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 6:44:54 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 6:44:54 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 6:44:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 6:44:54 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/13/2011 6:00:32 PM, error: Service Control Manager [7031] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/12/2011 8:38:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv
4/12/2011 8:09:47 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 6:01:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/12/2011 11:13:19 PM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
4/11/2011 9:45:29 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
4/11/2011 8:17:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu sptd ssmdrv
4/11/2011 11:14:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/11/2011 11:14:33 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2011 11:08:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/11/2011 10:01:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================
4/11/2011 11:08:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/11/2011 10:01:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================