Looks like I managed to get a rootkit install. I am an *****.
Here are the requested logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5379
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/22/2010 9:55:45 PM
mbam-log-2010-12-22 (21-55-45).txt
Scan type: Quick scan
Objects scanned: 144735
Time elapsed: 5 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
====================================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-22 21:59:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: m8908ghl.exe; Driver: C:\Users\rdeluca\AppData\Local\Temp\kxldqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 852761F8
Device \Driver\atapi \Device\Ide\IdePort1 852761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 852761F8
Device \Driver\VClone \Device\Scsi\VClone1 862C01F8
Device \FileSystem\Ntfs \Ntfs 852781F8
Device \FileSystem\fastfat \Fat 87F0A1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
====================================
DDS (Ver_10-12-12.02) - NTFSx86
Run by rdeluca at 21:40:32.26 on Wed 12/22/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1209 [GMT -5:00]
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\rdeluca\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://mail.lhup.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Google Update] "c:\users\rdeluca\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 173.192.164.106 minecraftwiki.net www.minecraftwiki.net
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-6 61960]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-7-9 1053440]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-9-6 6076272]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-9-6 616816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
S3 DBGUBZD;DBGUBZD;c:\users\rdeluca\appdata\local\temp\dbgubzd.exe --> c:\users\rdeluca\appdata\local\temp\DBGUBZD.exe [?]
S3 DXP;DXP;c:\users\rdeluca\appdata\local\temp\dxp.exe --> c:\users\rdeluca\appdata\local\temp\DXP.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-11-23 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-11-23 8456]
S3 KCFEZTAMNFZO;KCFEZTAMNFZO;c:\users\rdeluca\appdata\local\temp\kcfeztamnfzo.exe --> c:\users\rdeluca\appdata\local\temp\KCFEZTAMNFZO.exe [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-9-6 16240]
S3 WAGNZRHIZYK;WAGNZRHIZYK;c:\users\rdeluca\appdata\local\temp\wagnzrhizyk.exe --> c:\users\rdeluca\appdata\local\temp\WAGNZRHIZYK.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]
=============== Created Last 30 ================
2010-12-22 22:41:01 -------- d-----w- c:\users\rdeluca\appdata\roaming\Malwarebytes
2010-12-22 22:40:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 22:40:54 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-22 22:40:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 22:40:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 20:37:05 -------- d-----w- c:\users\rdeluca\appdata\roaming\Avira
2010-12-22 20:35:33 -------- d-----w- c:\progra~2\Avira
2010-12-22 20:18:18 -------- d-----w- C:\adfbca92fe17870c1ff1141b9ba4
2010-12-22 20:18:11 38848 ----a-w- c:\windows\avastSS.scr
2010-12-22 20:18:01 -------- d-----w- c:\progra~2\Alwil Software
2010-12-22 20:05:58 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0cf4aaf1-f829-4b10-9356-c2e93187afc5}\mpengine.dll
2010-12-21 01:10:49 -------- d-----w- c:\windows\rescache
2010-12-15 02:52:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 02:49:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 02:49:52 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 02:49:49 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 02:49:47 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-10 18:10:22 -------- d-----w- c:\program files\MSXML 4.0
2010-12-09 18:15:58 539968 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2010-12-08 21:42:02 -------- d-----w- c:\program files\Motorola
2010-12-08 17:56:39 -------- d-----w- c:\program files\common files\Motorola Shared
2010-12-08 17:54:52 -------- d-----w- C:\android
2010-12-06 06:00:15 -------- d-----w- c:\progra~2\vsosdk
2010-12-06 03:48:44 87608 ----a-w- c:\users\rdeluca\appdata\roaming\inst.exe
2010-12-06 03:48:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-06 03:48:44 47360 ----a-w- c:\users\rdeluca\appdata\roaming\pcouffin.sys
2010-12-06 03:48:24 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-12-06 03:48:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-12-06 03:48:24 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-12-06 03:48:24 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-12-06 03:48:24 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-12-06 03:48:23 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-12-06 03:48:23 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-12-06 03:48:18 -------- d-----w- c:\program files\VSO
2010-12-06 03:47:24 -------- d-----w- c:\users\rdeluca\appdata\roaming\DAEMON Tools Lite
2010-12-06 03:47:19 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-11-25 01:05:05 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 01:04:48 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-11-25 01:04:35 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-11-25 01:04:32 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-24 04:35:43 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-11-24 04:35:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-11-24 04:35:42 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-11-24 04:35:42 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-11-24 04:35:42 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-11-24 04:35:29 -------- d-----w- c:\program files\EASEUS
==================== Find3M ====================
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 20:35:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS721080G9SA00 rev.MC4OC10H -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860CD555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x860d37b0]; MOV EAX, [0x860d382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C5B458] -> \Device\Harddisk0\DR0[0x860A31C8]
3 CLASSPNP[0x893B559E] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> [0x85F76918]
5 ACPI[0x8362B3B2] -> ntkrnlpa!IofCallDriver[0x82C5B458] -> \IdeDeviceP0T0L0-0[0x85FA3030]
\Driver\atapi[0x860A67E8] -> IRP_MJ_CREATE -> 0x860CD555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS721080G9SA00_________________MC4OC10H#5&796032e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 21:41:24.98 ===============
====================================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 3/6/2010 4:29:27 PM
System Uptime: 12/22/2010 6:04:28 PM (3 hours ago)
Motherboard: Dell Inc. | | 0FF093
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 72 GiB total, 3.831 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.963 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
7-Zip 4.65
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bamboo
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Canon Inkjet Printer Driver Add-On Module
Canon Utilities My Printer
CCleaner
Cisco NAC Agent
Conexant HDA D110 MDC V.92 Modem
Connect
ConvertXtoDVD 3.3.2.100
Cosmic Dodgeball V2.0
Defraggler
Dell Driver Download Manager
Dell Touchpad
Digital Line Detect
EASEUS Partition Master 6.5.2 Home Edition
EndItAll 2.0
Fraps
Ghost Master
Google Chrome
Half-Life 2
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HxD Hex Editor version 1.7.7.0
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 18
kuler
League of Legends
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft IntelliPoint 7.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows Application Compatibility Database
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Motorola Mobile Drivers Installation 4.8.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
MySQL Workbench 5.2 CE
Notepad++
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
OZ776 SCR Driver V1.1.4.202
PDF-Viewer
PDF Settings CS4
PFPortChecker 1.0.36
Photoshop Camera Raw
PuTTY version 0.60
Puzzle Quest
Recuva
RSDLite
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Skype™ 4.2
SpeedFan (remove only)
SpinnerDemo
StarCraft II
Steam
Suite Shared Configuration CS4
System Requirements Lab
Team Fortress 2
The Elder Scrolls III: Morrowind
Trillian
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (KB2466076)
USB Webcam
VC Runtimes MSI
VirtualCloneDrive
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.5
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Mobile 5.0 SDK R2 for Smartphone
WinPcap 4.1.1
WinRAR archiver
WinSCP 4.2.7
Wireshark 1.2.6
Xvid 1.2.1 final uninstall
==== Event Viewer Messages From Past Week ========
12/22/2010 9:36:10 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-14-D1-4D-3D-39. Network operations on this system may be disrupted as a result.
12/22/2010 6:54:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/22/2010 6:17:22 PM, Error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 5:58:59 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
12/22/2010 5:52:06 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.25 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
12/22/2010 5:51:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:36:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:34:00 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/22/2010 5:31:07 PM, Error: Service Control Manager [7034] - The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 5:28:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 5:28:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8cd9aa00, 0x00000002, 0x00000000, 0x836affb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-30139-01.
12/22/2010 4:11:03 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: Blue-PC\rdeluca Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2197.0, AS: 1.95.2197.0 Engine Version: 1.1.6402.0
12/22/2010 4:02:40 PM, Error: Service Control Manager [7030] - The OQFQTU service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 4:02:35 PM, Error: Service Control Manager [7034] - The DBGUBZD service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DXP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7030] - The DBGUBZD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the KCFEZTAMNFZO service to connect.
12/22/2010 3:59:23 PM, Error: Service Control Manager [7000] - The KCFEZTAMNFZO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 3:58:53 PM, Error: Service Control Manager [7030] - The KCFEZTAMNFZO service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:58:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WAGNZRHIZYK service to connect.
12/22/2010 3:58:25 PM, Error: Service Control Manager [7000] - The WAGNZRHIZYK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 3:57:53 PM, Error: Service Control Manager [7030] - The WAGNZRHIZYK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 3:55:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:55:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e8c050, 0x8b11b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-32697-01.
12/22/2010 3:36:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/22/2010 3:30:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2197.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/22/2010 3:20:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
12/22/2010 3:06:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:01:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
12/22/2010 2:51:26 PM, Error: Service Control Manager [7030] - The WABSLPBF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMX service to connect.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7000] - The SMX service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 2:47:40 PM, Error: Service Control Manager [7030] - The SMX service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 12:27:31 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-EE-01-AB-CB. Network operations on this system may be disrupted as a result.
12/22/2010 1:04:02 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{77E81000-7855-4444-8C21-96A75B56820F} because another computer on the network has the same name. The server could not start.
12/22/2010 1:03:19 PM, Error: BridgeMP [14702] - Bridge [Adapter Intel(R) PRO/Wireless 3945ABG Network Connection]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:03:18 PM, Error: BridgeMP [14702] - Bridge [Adapter Broadcom NetXtreme 57xx Gigabit Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:02:35 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D008B58B-B602-4C7C-9BE9-607BF50A12C8} because another computer on the network has the same name. The server could not start.
12/21/2010 9:57:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
12/21/2010 11:52:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
12/20/2010 7:18:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.112 with the system having network hardware address 00-25-AE-71-60-5F. Network operations on this system may be disrupted as a result.
12/20/2010 2:05:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/18/2010 10:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
12/15/2010 4:16:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
==== End Of File ===========================
:-/
12/22/2010 3:36:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/22/2010 3:30:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.2197.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/22/2010 3:20:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:19:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d042f1, 0x8b113a60, 0x8b113640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-37830-01.
12/22/2010 3:06:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/22/2010 3:01:02 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
12/22/2010 2:56:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d062f1, 0x8b323a60, 0x8b323640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-33119-01.
12/22/2010 2:51:26 PM, Error: Service Control Manager [7030] - The WABSLPBF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMX service to connect.
12/22/2010 2:48:10 PM, Error: Service Control Manager [7000] - The SMX service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2010 2:47:40 PM, Error: Service Control Manager [7030] - The SMX service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/22/2010 12:27:31 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-17-EE-01-AB-CB. Network operations on this system may be disrupted as a result.
12/22/2010 1:04:02 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{77E81000-7855-4444-8C21-96A75B56820F} because another computer on the network has the same name. The server could not start.
12/22/2010 1:03:19 PM, Error: BridgeMP [14702] - Bridge [Adapter Intel(R) PRO/Wireless 3945ABG Network Connection]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:03:18 PM, Error: BridgeMP [14702] - Bridge [Adapter Broadcom NetXtreme 57xx Gigabit Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
12/22/2010 1:02:35 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D008B58B-B602-4C7C-9BE9-607BF50A12C8} because another computer on the network has the same name. The server could not start.
12/21/2010 9:57:46 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
12/21/2010 11:52:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
12/20/2010 7:18:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.112 with the system having network hardware address 00-25-AE-71-60-5F. Network operations on this system may be disrupted as a result.
12/20/2010 2:05:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/18/2010 10:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
12/15/2010 4:16:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
==== End Of File ===========================
:-/