So I've picked up a bit of a doozy of a virus recently. Whenever I open a program, a message telling me "The maximum number of secrets that may be stored in a single system has exceeded. The length and number of secrets is limited to satisfy United States State Department export restriction." pops up. It also heavily slows down my Firefox when it loads a page that requires Flash, stops any common antivirus program from being installed, and immediately kills any antivirus program that manages to install and tries to scan anywhere near it, along with rendering the .exe non-reusable. I've also tried process killers, as the offending virus seems to be sticking out like a sore thumb with its process named as a random string of numbers, but while they tell me the process is killed, it comes right back, and the program can't seem to find the file that it originated from. So after exhausting all my amateur virus-busting knowledge, I've decided to turn to more professional help.
As I stated earlier, all antivirus programs are rendered useless against it, so I couldn't scan with Avira, AVG or MBAM (it seems to have a personal grudge against MBAM, since it denies me access to installing it), so steps 1 and 2 are out. Here are my GMER logs:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-22 22:27:20
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK2552GSX rev.LV010A
Running: nley09pc.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwroypod.sys
---- System - GMER 1.0.15 ----
SSDT spnj.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spnj.sys ZwEnumerateValueKey [0xB7EC6032]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A915AEA
Device \Driver\atapi \Device\Ide\IdePort0 8AAC81F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A915AEA
Device \Driver\atapi \Device\Ide\IdePort1 8AAC81F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A915AEA
Device \Driver\atapi \Device\Ide\IdePort2 8AAC81F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A915AEA
Device \Driver\atapi \Device\Ide\IdePort3 8AAC81F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A915AEA
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8AAC81F8
Device \Driver\argdxp2s \Device\Scsi\argdxp2s1 8A617370
Device \Driver\argdxp2s \Device\Scsi\argdxp2s1Port4Path0Target0Lun0 8A617370
Device \Driver\JMCR \Device\Scsi\JMCR1 8A8271F8
Device \Driver\JMCR \Device\Scsi\JMCR2 8A8271F8
Device \Driver\JMCR \Device\Scsi\JMCR3 8A8271F8
Device \FileSystem\Ntfs \Ntfs 8AAC71F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK2552GSX_______________________LV010A__#5&496c666&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Threads - GMER 1.0.15 ----
Thread System [4:860] AA43FFC0
Thread System [4:864] AA43FFC0
Thread System [4:868] AE7A6105
Thread System [4:872] AE7A6105
---- EOF - GMER 1.0.15 ----
And my DDS Logs:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Run by Administrator at 22:29:14 on 2011-08-22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2555.1748 [GMT -4:00]
.
AV: Defense Center *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\747482349:307458771.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\DeLay.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\EVEREST.Ultimate.Edition.5.30.1954.Beta\everestultimate_build_1954\everest.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com/
uInternet Settings,ProxyServer = http=106.230
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GateWay] c:\documents and settings\administrator\GateWayMain.exe
uRun: [AdobeBridge]
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [DeLay] c:\windows\bisoncam\DeLay.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunServices: [QuickTimePictureViewer] c:\program files\quicktime alternative\pictureviewer.resources\it.lproj\quicktimequicktime7.6.51327.79.exe
mRunServices: [QuickTimeQuickTimeResources] c:\program files\quicktime alternative\propertypanels\panelhelperbase.resources\de.lproj\quicktimequicktimeresources7.6.41327.58.exe
mRunServices: [PictureViewerQuickTime] c:\program files\quicktime alternative\pictureviewer.resources\it.lproj\quicktimequicktime7.6.51327.79.exe
mRunServices: [StudioMSDIA80] c:\program files\common files\microsoft shared\vc\studiomicrosoft.exe
mRunServices: [AUTHMGRSMPLFSYS] c:\program files\adobe\adobe premiere pro cs3\helix\bin\plugins\realmediasimple.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\administrator\desktop\bypass\kevin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
mASetup: {0FDEABD1-E3FE-3DDE-FAE8-CADCD636FFB5} - c:\documents and settings\administrator\application data\svchost.exe
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\z1748ax6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101027100&s=
FF - prefs.js: network.proxy.ftp - 109.230.216.23
FF - prefs.js: network.proxy.ftp_port - 1080
FF - prefs.js: network.proxy.http - 109.230.216.23
FF - prefs.js: network.proxy.http_port - 1080
FF - prefs.js: network.proxy.socks - 109.230.216.23
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - 109.230.216.23
FF - prefs.js: network.proxy.ssl_port - 1080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\z1748ax6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-3-22 2304]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest.ultimate.edition.5.30.1954.beta\everestultimate_build_1954\kerneld.wnt [2010-8-30 27760]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-1 84240]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\131.tmp --> c:\windows\system32\131.tmp [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-12-23 17792]
S0 boci;boci;c:\windows\system32\drivers\sdvhwiu.sys --> c:\windows\system32\drivers\sdvhwiu.sys [?]
S0 dygygdv;dygygdv;c:\windows\system32\drivers\cihytg.sys --> c:\windows\system32\drivers\cihytg.sys [?]
S0 wzrwo;wzrwo; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-6 135664]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-6 135664]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-4-1 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-4-1 79360]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-8-31 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-8-31 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-8-31 42112]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\xdva326.sys --> c:\windows\system32\XDva326.sys [?]
S3 XDva328;XDva328;\??\c:\windows\system32\xdva328.sys --> c:\windows\system32\XDva328.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\xdva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva354;XDva354;\??\c:\windows\system32\xdva354.sys --> c:\windows\system32\XDva354.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S4 dwrfa;dwrfa;c:\windows\system32\drivers\cpma.sys [2010-7-10 54016]
S4 fqlpjiyc;fqlpjiyc;c:\windows\system32\drivers\htubn.sys [2010-7-9 54016]
S4 kwaxi;kwaxi;c:\windows\system32\drivers\vldso.sys [2010-7-9 54016]
S4 nepo;nepo;c:\windows\system32\drivers\dbxd.sys [2010-7-9 54016]
S4 nscb;nscb;c:\windows\system32\drivers\xiip.sys [2010-6-13 54016]
S4 sajy;sajy;c:\windows\system32\drivers\snba.sys [2010-6-13 54016]
.
=============== Created Last 30 ================
.
2073-04-13 21:17:26 203576 ---h--w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-08-23 02:02:27 -------- d-----w- c:\program files\Avira
2011-08-23 02:02:27 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-08-22 17:59:51 -------- d-----w- c:\program files\Virus Secure Lab
2011-08-18 21:45:32 -------- d-----w- c:\program files\Sophos
2011-08-18 04:28:30 -------- d-----w- c:\program files\Foxit Software
2011-08-18 03:07:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-18 03:07:16 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-08-18 02:46:24 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-08-18 02:46:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-18 02:46:00 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-18 01:00:08 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2011-08-18 00:30:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-08-18 00:30:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-18 00:17:57 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-08-18 00:17:55 -------- d-----w- c:\program files\Easy-Hide-IP
2011-08-17 16:37:25 -------- d-----w- C:\CherryDeGames
2011-08-11 18:00:58 -------- d-----w- c:\program files\InterActual
2011-08-07 23:13:27 -------- d-----w- c:\program files\PCSX2 0.9.8
.
==================== Find3M ====================
.
2011-08-16 18:05:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 21:16:08 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-09 21:15:50 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-09 21:15:50 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-09 20:34:07 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-08 09:07:51 201728 ----a-w- C:\zYan_ID_Changer.dll
2011-06-07 23:49:07 138056 ----a-w- c:\documents and settings\administrator\application data\PnkBstrK.sys
2011-06-07 23:48:46 90112 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-02 07:36:15 27648 ----a-w- C:\zYan_X.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK2552GSX rev.LV010A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xAE7A5660]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A90BAB8]
3 CLASSPNP[0xB810905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A7624D8]
\Driver\00002509[0x8A6B9B10] -> IRP_MJ_CREATE -> 0xAE7A5660
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK2552GSX_______________________LV010A__#5&496c666&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A915AEA
\Driver\atapi -> 0x8aac81f8
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:30:44.54 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/1/2008 9:48:06 PM
System Uptime: 8/18/2011 6:57:26 PM (100 hours ago)
.
Motherboard: CLEVO CO. | | M860TU
Processor: Intel Pentium III processor | U22 | 2394/mhz
Processor: Intel Pentium III processor | U22 | 2393/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 151 GiB total, 14.831 GiB free.
D: is FIXED (NTFS) - 82 GiB total, 1.902 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\90F5145890A033
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\90F5145890A033
Service: NIC1394
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: iPod touch
Device ID: ROOT\{140FD12F-CBAE-408D-9942-F919A7CB22CC}\0000
Manufacturer: Apple
Name: iPod touch
PNP Device ID: ROOT\{140FD12F-CBAE-408D-9942-F919A7CB22CC}\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP326: 7/13/2011 12:04:17 AM - System Checkpoint
RP327: 7/13/2011 3:54:07 PM - Removed Google Talk Plugin
RP328: 7/18/2011 4:00:56 AM - System Checkpoint
RP329: 7/19/2011 4:43:12 AM - System Checkpoint
RP330: 7/20/2011 5:13:55 AM - System Checkpoint
RP331: 7/20/2011 9:42:53 AM - Installed Windows XP KB917021.
RP332: 7/21/2011 10:26:28 AM - System Checkpoint
RP333: 7/24/2011 5:48:53 AM - System Checkpoint
RP334: 7/25/2011 6:31:14 AM - System Checkpoint
RP335: 7/26/2011 7:33:19 AM - System Checkpoint
RP336: 7/27/2011 8:12:09 AM - System Checkpoint
RP337: 7/28/2011 8:41:25 AM - System Checkpoint
RP338: 7/29/2011 8:53:07 AM - System Checkpoint
RP339: 7/30/2011 9:53:05 AM - System Checkpoint
RP340: 7/31/2011 12:08:33 PM - System Checkpoint
RP341: 8/1/2011 6:07:00 PM - System Checkpoint
RP342: 8/2/2011 9:24:32 PM - System Checkpoint
RP343: 8/5/2011 4:42:12 AM - System Checkpoint
RP344: 8/6/2011 4:46:15 AM - System Checkpoint
RP345: 8/7/2011 4:49:33 AM - System Checkpoint
RP346: 8/8/2011 5:07:59 AM - System Checkpoint
RP347: 8/8/2011 8:14:00 PM - Removed Assassin's Creed II
RP348: 8/10/2011 9:58:09 PM - System Checkpoint
RP349: 8/12/2011 4:32:19 AM - System Checkpoint
RP350: 8/14/2011 12:08:18 AM - System Checkpoint
RP351: 8/16/2011 12:14:08 AM - System Checkpoint
RP352: 8/16/2011 7:48:40 PM - Removed Google Talk Plugin
RP353: 8/17/2011 12:37:24 PM - Installed Dragon Nest SEA
RP354: 8/19/2011 6:32:39 AM - System Checkpoint
RP355: 8/20/2011 7:20:36 AM - System Checkpoint
RP356: 8/21/2011 8:20:39 AM - System Checkpoint
RP357: 8/22/2011 2:15:34 PM - Removed Dragon Nest SEA
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Photoshop Lightroom 2.6.1
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.4.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Age of Empires III
Age of Empires III - The Asian Dynasties
Aimersoft MKV Converter(Build 2.0.2.13)
Akamai NetSession Interface
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Azureus
Bandisoft MPEG-1 Decoder
Belarc Advisor 8.1
BisonCam
Bonjour
Compatibility Pack for the 2007 Office system
Connect
DAEMON Tools Toolbar
DiskAid 3.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
DragonNest
Duke Nukem Forever
Elsword version 1.00
EphPod
ESET Online Scanner v3
EVEREST Home Edition v2.20
Express Burn
Foxit Reader 5.0
Free Natural Text to Speech Reader 2008
Free Sound Recorder
Freez FLV to MP3 Converter
GamersFirst LIVE!
Gateway
Google Chrome
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
ips XP 1.11.2600
IrfanView (remove only)
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 4.1.7 (Full)
kuler
League of Legends
Mabinogi
Menu Templates - Starter Kit
Metal Assault
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Driver Installation 3.7.0
Motorola SM56 Data Fax Modem
Movie Templates - Starter Kit
Mozilla Firefox 4.0 (x86 en-US)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nexon Game Manager
NJStar Communicator
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Orbit Downloader
Pando Media Booster
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Pixillion Image Converter
Protector Suite QL 5.6
PSP ISO Compressor
QuickTime
QuickTime Alternative 2.8.0
Ragnarok Online
Real Alternative 1.9.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RegCure
S4 League_EU
Security Task Manager 1.8d
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
SoundTrax
Suite Shared Configuration CS4
SUPERAntiSpyware
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
The Core Media Player 4.0
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Media Player
Virus Effect Remover©
VLC media player 1.1.0
WebFldrs XP
WinAVI MP4 Converter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885884
WinRAR archiver
WinSCP 4.2.8
Xilisoft iPod Rip
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/16/2011 1:05:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 0016EA5FCAC4 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
8/16/2011 1:05:47 PM, error: Dhcp [1002] - The IP address lease 129.133.127.105 for the Network Card with network address 0090F58B2C33 has been denied by the DHCP server 129.133.1.5 (The DHCP Server sent a DHCPNACK message).
8/15/2011 10:32:39 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016EA5FCAC4. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/15/2011 10:31:30 PM, error: Dhcp [1002] - The IP address lease 129.133.210.213 for the Network Card with network address 0016EA5FCAC4 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Thank you for your help.
RP342: 8/2/2011 9:24:32 PM - System Checkpoint
RP343: 8/5/2011 4:42:12 AM - System Checkpoint
RP344: 8/6/2011 4:46:15 AM - System Checkpoint
RP345: 8/7/2011 4:49:33 AM - System Checkpoint
RP346: 8/8/2011 5:07:59 AM - System Checkpoint
RP347: 8/8/2011 8:14:00 PM - Removed Assassin's Creed II
RP348: 8/10/2011 9:58:09 PM - System Checkpoint
RP349: 8/12/2011 4:32:19 AM - System Checkpoint
RP350: 8/14/2011 12:08:18 AM - System Checkpoint
RP351: 8/16/2011 12:14:08 AM - System Checkpoint
RP352: 8/16/2011 7:48:40 PM - Removed Google Talk Plugin
RP353: 8/17/2011 12:37:24 PM - Installed Dragon Nest SEA
RP354: 8/19/2011 6:32:39 AM - System Checkpoint
RP355: 8/20/2011 7:20:36 AM - System Checkpoint
RP356: 8/21/2011 8:20:39 AM - System Checkpoint
RP357: 8/22/2011 2:15:34 PM - Removed Dragon Nest SEA
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Photoshop Lightroom 2.6.1
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.4.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Age of Empires III
Age of Empires III - The Asian Dynasties
Aimersoft MKV Converter(Build 2.0.2.13)
Akamai NetSession Interface
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Azureus
Bandisoft MPEG-1 Decoder
Belarc Advisor 8.1
BisonCam
Bonjour
Compatibility Pack for the 2007 Office system
Connect
DAEMON Tools Toolbar
DiskAid 3.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
DragonNest
Duke Nukem Forever
Elsword version 1.00
EphPod
ESET Online Scanner v3
EVEREST Home Edition v2.20
Express Burn
Foxit Reader 5.0
Free Natural Text to Speech Reader 2008
Free Sound Recorder
Freez FLV to MP3 Converter
GamersFirst LIVE!
Gateway
Google Chrome
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
ips XP 1.11.2600
IrfanView (remove only)
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 4.1.7 (Full)
kuler
League of Legends
Mabinogi
Menu Templates - Starter Kit
Metal Assault
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Driver Installation 3.7.0
Motorola SM56 Data Fax Modem
Movie Templates - Starter Kit
Mozilla Firefox 4.0 (x86 en-US)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Nexon Game Manager
NJStar Communicator
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Orbit Downloader
Pando Media Booster
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Pixillion Image Converter
Protector Suite QL 5.6
PSP ISO Compressor
QuickTime
QuickTime Alternative 2.8.0
Ragnarok Online
Real Alternative 1.9.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RegCure
S4 League_EU
Security Task Manager 1.8d
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
SoundTrax
Suite Shared Configuration CS4
SUPERAntiSpyware
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
The Core Media Player 4.0
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Viewpoint Media Player
Virus Effect Remover©
VLC media player 1.1.0
WebFldrs XP
WinAVI MP4 Converter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885884
WinRAR archiver
WinSCP 4.2.8
Xilisoft iPod Rip
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/16/2011 1:05:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 0016EA5FCAC4 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
8/16/2011 1:05:47 PM, error: Dhcp [1002] - The IP address lease 129.133.127.105 for the Network Card with network address 0090F58B2C33 has been denied by the DHCP server 129.133.1.5 (The DHCP Server sent a DHCPNACK message).
8/15/2011 10:32:39 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016EA5FCAC4. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/15/2011 10:31:30 PM, error: Dhcp [1002] - The IP address lease 129.133.210.213 for the Network Card with network address 0016EA5FCAC4 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Thank you for your help.