cohconsulting
Posts: 17 +0
My daughter was in control when a really vicious batch of malware got loaded on my laptop. She has been banned, but that doesn't solve my problems.
The original symptoms were classic XP Security 2012, so I went ahead and ran through instructions found here: http://www.bleepingcomputer.com/virus-removal/remove-xp-security-2012.
These got the machine back into functionality, but there is a an ongoing problem that is being highlighted by Malwarebyte's Anti-Malware. Some process is popping up, especially when there is activity on the network card, that initiates ping.exe -- I am assuming so that it can connect with a botNet.
Any help eradicating this thing would be much appreciated!
So I have looked into the recommendations here and pulled together some logs based on recommendations I read:
Latest MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122101
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/20/2011 10:02:52 PM
mbam-log-2011-12-20 (22-02-52).txt
Scan type: Full scan (C:\|)
Objects scanned: 215512
Time elapsed: 2 hour(s), 46 minute(s), 3 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> 2012 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Spyware.Passwords.XGen) -> Value: MozillaAgent -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.3739563370410742.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\mqtilp\setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------
GMER output:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-20 22:18:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA53A
Running: oeh5lhnw.exe; Driver: C:\DOCUME~1\cliff\LOCALS~1\Temp\pwlirpob.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7BB50E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7BB50F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7BB5120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BB5176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BB50CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BB50A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BB50B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7BB510A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BB514C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7BB5136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7BB51A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BB518C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BB5160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------------------
ESET Log:
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\YontooSetup-Silent.exe probably a variant of Win32/Adware.FVLOLCF application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\ipsec.sys Win32/Sirefef.DA trojan unable to clean
Operating memory multiple threats
-------------------------------------------------------------------------------------------
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by cliff at 0:06:52 on 2011-12-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.465 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110219104050.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\cliff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298040042200
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298040034389
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01B1B0C2-5100-409A-A917-0015D43C427F} : DhcpNameServer = 192.168.0.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
-------------------------------------------------------------------------------------------
Attach logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2011 12:47:24 AM
System Uptime: 12/20/2011 10:06:27 PM (2 hours ago)
.
Motherboard: IBM | | 1836Q6U
Processor: Intel(R) Pentium(R) M processor 1.70GHz | None | 1698/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 11.554 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 9/28/2011 6:34:11 AM - Software Distribution Service 3.0
RP123: 9/30/2011 6:00:19 PM - System Checkpoint
RP124: 9/30/2011 8:08:37 PM - Removed SLOW-PCfighter.
RP125: 9/30/2011 9:17:48 PM - Removed NetAssistant
RP126: 10/2/2011 2:27:48 PM - System Checkpoint
RP127: 10/6/2011 6:50:47 PM - System Checkpoint
RP128: 10/7/2011 7:29:33 PM - System Checkpoint
RP129: 10/11/2011 7:45:19 PM - System Checkpoint
RP130: 10/13/2011 3:21:41 PM - Software Distribution Service 3.0
RP131: 10/26/2011 8:12:35 PM - System Checkpoint
RP132: 10/30/2011 9:23:42 AM - System Checkpoint
RP133: 11/1/2011 7:24:46 PM - System Checkpoint
RP134: 11/2/2011 8:00:27 PM - System Checkpoint
RP135: 11/4/2011 4:15:21 PM - System Checkpoint
RP136: 11/5/2011 6:53:29 PM - System Checkpoint
RP137: 11/7/2011 3:18:53 PM - System Checkpoint
RP138: 11/8/2011 7:43:54 PM - System Checkpoint
RP139: 11/9/2011 3:27:21 PM - Software Distribution Service 3.0
RP140: 11/10/2011 3:32:26 PM - System Checkpoint
RP141: 11/10/2011 10:04:04 PM - Software Distribution Service 3.0
RP142: 11/12/2011 9:46:57 AM - System Checkpoint
RP143: 11/13/2011 3:51:44 PM - System Checkpoint
RP144: 11/14/2011 6:22:56 PM - System Checkpoint
RP145: 11/15/2011 8:12:08 PM - System Checkpoint
RP146: 11/16/2011 9:38:22 PM - System Checkpoint
RP147: 11/18/2011 4:09:46 PM - System Checkpoint
RP148: 11/21/2011 3:32:28 PM - Installed DirectX
RP149: 11/22/2011 4:52:01 PM - System Checkpoint
RP150: 11/26/2011 12:50:11 PM - System Checkpoint
RP151: 11/27/2011 1:43:10 PM - System Checkpoint
RP152: 11/28/2011 8:45:37 PM - System Checkpoint
RP153: 12/2/2011 7:24:56 AM - System Checkpoint
RP154: 12/3/2011 3:54:43 PM - System Checkpoint
RP155: 12/5/2011 7:18:24 PM - System Checkpoint
RP156: 12/6/2011 8:43:02 PM - System Checkpoint
RP157: 12/8/2011 7:28:38 AM - System Checkpoint
RP158: 12/9/2011 3:48:44 PM - System Checkpoint
RP159: 12/10/2011 4:40:34 PM - System Checkpoint
RP160: 12/13/2011 7:43:51 PM - System Checkpoint
RP161: 12/15/2011 3:11:26 PM - Software Distribution Service 3.0
RP162: 12/16/2011 9:41:23 PM - System Checkpoint
RP163: 12/18/2011 9:24:21 AM - System Checkpoint
RP164: 12/19/2011 5:16:05 PM - System Checkpoint
RP165: 12/20/2011 5:19:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ATI Display Driver
Disney Toontown Online
DivX Setup
Drag-to-Disc
ESET Online Scanner v3
Google Chrome
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
IBM ThinkPad UltraNav Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Internet Security
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 8.0 (x86 en-US)
OpenOffice.org 3.3
Password Safe
QuickTime
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SmartMusic 2012
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad Integrated 56K Modem
ThinkPad Power Management Driver
ThinkVantage Active Protection System
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
WinSCP 4.2.9
Wizard101
Zoo Vet
.
==== Event Viewer Messages From Past Week ========
.
12/20/2011 7:14:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Firewall Core Service service to connect.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:13:18 PM, error: PSched [14103] - QoS [Adapter {936857A3-303C-4C49-AEE2-FBF4FA5AB24A}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
12/20/2011 6:48:01 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.113. The machine with the IP address 192.168.0.105 did not allow the name to be claimed by this machine.
12/20/2011 6:37:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/20/2011 10:10:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/20/2011 10:10:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2011 7:32:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/19/2011 10:50:20 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/15/2011 3:25:21 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
The original symptoms were classic XP Security 2012, so I went ahead and ran through instructions found here: http://www.bleepingcomputer.com/virus-removal/remove-xp-security-2012.
These got the machine back into functionality, but there is a an ongoing problem that is being highlighted by Malwarebyte's Anti-Malware. Some process is popping up, especially when there is activity on the network card, that initiates ping.exe -- I am assuming so that it can connect with a botNet.
Any help eradicating this thing would be much appreciated!
So I have looked into the recommendations here and pulled together some logs based on recommendations I read:
Latest MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122101
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/20/2011 10:02:52 PM
mbam-log-2011-12-20 (22-02-52).txt
Scan type: Full scan (C:\|)
Objects scanned: 215512
Time elapsed: 2 hour(s), 46 minute(s), 3 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> 2012 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MozillaAgent (Spyware.Passwords.XGen) -> Value: MozillaAgent -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\Temp\_ex-68.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.3739563370410742.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\mqtilp\setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------
GMER output:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-20 22:18:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA53A
Running: oeh5lhnw.exe; Driver: C:\DOCUME~1\cliff\LOCALS~1\Temp\pwlirpob.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7BB50E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7BB50F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7BB5120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7BB5176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7BB50CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7BB50A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7BB50B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7BB510A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7BB514C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7BB5136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7BB51A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7BB518C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7BB5160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------------------
ESET Log:
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\YontooSetup-Silent.exe probably a variant of Win32/Adware.FVLOLCF application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\ipsec.sys Win32/Sirefef.DA trojan unable to clean
Operating memory multiple threats
-------------------------------------------------------------------------------------------
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by cliff at 0:06:52 on 2011-12-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.465 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110219104050.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\cliff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298040042200
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298040034389
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01B1B0C2-5100-409A-A917-0015D43C427F} : DhcpNameServer = 192.168.0.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
-------------------------------------------------------------------------------------------
Attach logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2011 12:47:24 AM
System Uptime: 12/20/2011 10:06:27 PM (2 hours ago)
.
Motherboard: IBM | | 1836Q6U
Processor: Intel(R) Pentium(R) M processor 1.70GHz | None | 1698/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 11.554 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 9/28/2011 6:34:11 AM - Software Distribution Service 3.0
RP123: 9/30/2011 6:00:19 PM - System Checkpoint
RP124: 9/30/2011 8:08:37 PM - Removed SLOW-PCfighter.
RP125: 9/30/2011 9:17:48 PM - Removed NetAssistant
RP126: 10/2/2011 2:27:48 PM - System Checkpoint
RP127: 10/6/2011 6:50:47 PM - System Checkpoint
RP128: 10/7/2011 7:29:33 PM - System Checkpoint
RP129: 10/11/2011 7:45:19 PM - System Checkpoint
RP130: 10/13/2011 3:21:41 PM - Software Distribution Service 3.0
RP131: 10/26/2011 8:12:35 PM - System Checkpoint
RP132: 10/30/2011 9:23:42 AM - System Checkpoint
RP133: 11/1/2011 7:24:46 PM - System Checkpoint
RP134: 11/2/2011 8:00:27 PM - System Checkpoint
RP135: 11/4/2011 4:15:21 PM - System Checkpoint
RP136: 11/5/2011 6:53:29 PM - System Checkpoint
RP137: 11/7/2011 3:18:53 PM - System Checkpoint
RP138: 11/8/2011 7:43:54 PM - System Checkpoint
RP139: 11/9/2011 3:27:21 PM - Software Distribution Service 3.0
RP140: 11/10/2011 3:32:26 PM - System Checkpoint
RP141: 11/10/2011 10:04:04 PM - Software Distribution Service 3.0
RP142: 11/12/2011 9:46:57 AM - System Checkpoint
RP143: 11/13/2011 3:51:44 PM - System Checkpoint
RP144: 11/14/2011 6:22:56 PM - System Checkpoint
RP145: 11/15/2011 8:12:08 PM - System Checkpoint
RP146: 11/16/2011 9:38:22 PM - System Checkpoint
RP147: 11/18/2011 4:09:46 PM - System Checkpoint
RP148: 11/21/2011 3:32:28 PM - Installed DirectX
RP149: 11/22/2011 4:52:01 PM - System Checkpoint
RP150: 11/26/2011 12:50:11 PM - System Checkpoint
RP151: 11/27/2011 1:43:10 PM - System Checkpoint
RP152: 11/28/2011 8:45:37 PM - System Checkpoint
RP153: 12/2/2011 7:24:56 AM - System Checkpoint
RP154: 12/3/2011 3:54:43 PM - System Checkpoint
RP155: 12/5/2011 7:18:24 PM - System Checkpoint
RP156: 12/6/2011 8:43:02 PM - System Checkpoint
RP157: 12/8/2011 7:28:38 AM - System Checkpoint
RP158: 12/9/2011 3:48:44 PM - System Checkpoint
RP159: 12/10/2011 4:40:34 PM - System Checkpoint
RP160: 12/13/2011 7:43:51 PM - System Checkpoint
RP161: 12/15/2011 3:11:26 PM - Software Distribution Service 3.0
RP162: 12/16/2011 9:41:23 PM - System Checkpoint
RP163: 12/18/2011 9:24:21 AM - System Checkpoint
RP164: 12/19/2011 5:16:05 PM - System Checkpoint
RP165: 12/20/2011 5:19:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ATI Display Driver
Disney Toontown Online
DivX Setup
Drag-to-Disc
ESET Online Scanner v3
Google Chrome
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
IBM ThinkPad UltraNav Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Internet Security
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 8.0 (x86 en-US)
OpenOffice.org 3.3
Password Safe
QuickTime
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SmartMusic 2012
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad Integrated 56K Modem
ThinkPad Power Management Driver
ThinkVantage Active Protection System
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
WinSCP 4.2.9
Wizard101
Zoo Vet
.
==== Event Viewer Messages From Past Week ========
.
12/20/2011 7:14:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Firewall Core Service service to connect.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:14:56 PM, error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 7:13:18 PM, error: PSched [14103] - QoS [Adapter {936857A3-303C-4C49-AEE2-FBF4FA5AB24A}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
12/20/2011 6:48:01 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.113. The machine with the IP address 192.168.0.105 did not allow the name to be claimed by this machine.
12/20/2011 6:37:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/20/2011 10:10:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/20/2011 10:10:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2011 7:32:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/19/2011 10:50:20 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/15/2011 3:25:21 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================