Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/11/2011 6:23:35 PM
mbam-log-2011-07-11 (18-23-35).txt
Scan type: Quick scan
Objects scanned: 172242
Time elapsed: 11 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-11 18:46:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9SA00 rev.FB2OC40C
Running: kjyl3vnd.exe; Driver: C:\DOCUME~1\Laurie\LOCALS~1\Temp\kwkiaaog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8654131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8654131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8654131B
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Laurie at 18:31:05 on 2011-07-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.447 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Realtek\Wireless LAN Utility\RtWLan.exe
C:\Program Files\Newsbin\newsbinpro.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\wireless lan utility\RtWLan.exe
TCP: Interfaces\{5E3CFA78-4DC7-4EC5-ADC7-918148CA28C1} : DhcpNameServer = 68.87.71.230 68.87.73.246
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laurie\application data\mozilla\firefox\profiles\sqwakfbo.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60061
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\laurie\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-17 55152]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-8-17 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-12 38912]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2011-7-8 332928]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-8-12 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-17 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-8 8456]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
.
=============== Created Last 30 ================
.
2011-07-11 02:15:06 -------- d-----w- c:\documents and settings\laurie\DoctorWeb
2011-07-10 19:13:55 -------- d-----w- c:\windows\pss
2011-07-10 18:58:17 108 ---h--w- c:\documents and settings\laurie\application data\Plug.bat
2011-07-10 18:47:19 106 ---h--w- c:\documents and settings\laurie\application data\LocalAccountAuthority.bat
2011-07-10 18:43:06 16384 ---h--w- c:\windows\sysmgm.exe
2011-07-10 18:40:38 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Identities
2011-07-10 18:38:59 -------- d-----w- c:\documents and settings\laurie\local settings\application data\{3CBDFF8D-6575-441D-B948-4AFB3A506953}
2011-07-10 18:37:44 241 ----a-w- c:\documents and settings\laurie\delme.bat
2011-07-10 18:36:21 -------- d-----w- c:\documents and settings\all users\application data\WSTB
2011-07-10 18:35:40 180224 ----a-w- c:\documents and settings\laurie\application data\dwm.exe
2011-07-10 18:35:39 16636 ---h--w- c:\windows\dxxsetup.exe
2011-07-10 18:35:34 -------- d-----w- c:\documents and settings\laurie\application data\Qeomb
2011-07-10 18:35:34 -------- d-----w- c:\documents and settings\laurie\application data\Miugy
2011-07-10 18:35:10 100252 ---h--w- c:\windows\msmgm.exe
2011-07-10 18:34:58 106496 --sha-r- c:\windows\system32\proctexet.dll
2011-07-10 18:17:37 -------- d-----w- c:\program files\common files\Sandlot Shared
2011-07-10 18:17:20 -------- d-----w- c:\documents and settings\all users\application data\Sandlot Games
2011-07-10 18:17:19 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2011-07-10 01:35:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-09 21:55:37 -------- d-----w- c:\documents and settings\laurie\application data\PeaceCraft2
2011-07-09 20:19:12 -------- d-----w- c:\documents and settings\laurie\local settings\application data\QuickPar
2011-07-09 15:45:06 -------- d-----w- c:\documents and settings\laurie\application data\Meridian93
2011-07-09 04:59:03 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-09 04:58:33 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-09 04:58:22 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-09 04:58:22 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-09 04:58:22 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-09 04:58:22 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-09 04:58:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-09 04:58:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-09 04:58:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-09 04:58:22 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-08 11:56:03 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-08 11:56:03 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-08 11:56:02 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-08 11:56:01 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-08 11:56:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-08 11:55:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-08 11:49:41 -------- d-----w- c:\documents and settings\laurie\application data\Malwarebytes
2011-07-08 11:49:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 11:49:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-08 11:49:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-08 11:49:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-08 11:46:36 -------- d-----w- c:\windows\system32\PreInstall
2011-07-08 11:45:23 -------- d-----w- c:\program files\uTorrent
2011-07-08 11:44:46 -------- d-----w- c:\documents and settings\laurie\local settings\application data\uTorrent
2011-07-08 11:44:46 -------- d-----w- c:\documents and settings\laurie\application data\uTorrent
2011-07-08 11:38:01 -------- d-----w- c:\program files\QuickPar
2011-07-08 11:18:44 -------- d-----w- c:\program files\Newsbin
2011-07-08 11:18:44 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Newsbin
2011-07-08 10:56:08 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-07-08 10:56:08 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-07-08 10:56:08 1774720 ----a-w- c:\windows\system32\BootMan.exe
2011-07-08 10:56:08 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-07-08 10:56:08 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-07-08 10:55:47 -------- d-----w- c:\program files\EASEUS
2011-07-08 10:49:38 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Mozilla
2011-07-08 10:46:42 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Google
2011-07-08 10:46:25 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Deployment
2011-07-08 10:45:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-08 10:45:35 -------- d-sh--w- c:\documents and settings\laurie\IECompatCache
2011-07-08 10:44:02 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-08 10:43:59 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-07-08 10:43:43 342784 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2011-07-08 10:43:43 332928 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2011-07-08 10:43:43 -------- d-----w- c:\windows\OPTIONS
2011-07-08 10:43:37 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-07-08 10:43:37 -------- d-----w- c:\windows\system32\RtlGina
2011-07-06 07:28:33 -------- d-----w- C:\mplayer
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543216L9SA00 rev.FB2OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865414D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865477d0]; MOV EAX, [0x8654784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86523AB8]
3 CLASSPNP[0xF7630FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000063[0x865DFAB0]
5 ACPI[0xF74C7620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x865D5D98]
\Driver\atapi[0x865D45A8] -> IRP_MJ_CREATE -> 0x865414D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8654131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:33:16.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2002 5:12:20 AM
System Uptime: 7/11/2011 6:05:27 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1101HA
Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | CPU 1 | 1331/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 46 GiB total, 36.886 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 88.593 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Azurewave Wireless LAN Card
Choice Guard
Compatibility Pack for the 2007 Office system
Data Sync
EASEUS Partition Master 6.1.1 Professional
Easy Mode
EzMessenger
FontResizer
GamePark Console
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator 500
Junk Mail filter update
LiveUpdate
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
Newsbin Pro
QuickPar 0.9
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
Sandlot Games Client Services 1.2.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 4:49:57 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The system cannot find the path specified. .
7/9/2011 4:49:57 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Roads of Rome\RoadsOfRome.exe. Reference error message: The operation completed successfully. .
7/10/2011 5:31:20 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/10/2011 4:10:17 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
7/10/2011 4:08:46 PM, error: SRService [104] - The System Restore initialization process failed.
7/10/2011 4:08:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00C0CA47A58E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/10/2011 4:01:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/10/2011 3:14:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:13:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2011 3:13:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/10/2011 3:01:22 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
7/10/2011 2:21:11 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
Thank you!
2011-07-09 20:19:12 -------- d-----w- c:\documents and settings\laurie\local settings\application data\QuickPar
2011-07-09 15:45:06 -------- d-----w- c:\documents and settings\laurie\application data\Meridian93
2011-07-09 04:59:03 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-09 04:58:33 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-09 04:58:22 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-09 04:58:22 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-09 04:58:22 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-09 04:58:22 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-09 04:58:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-09 04:58:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-09 04:58:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-09 04:58:22 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-08 11:56:03 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-08 11:56:03 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-08 11:56:02 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-08 11:56:01 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-08 11:56:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-08 11:55:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-08 11:49:41 -------- d-----w- c:\documents and settings\laurie\application data\Malwarebytes
2011-07-08 11:49:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-08 11:49:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-08 11:49:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-08 11:49:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-08 11:46:36 -------- d-----w- c:\windows\system32\PreInstall
2011-07-08 11:45:23 -------- d-----w- c:\program files\uTorrent
2011-07-08 11:44:46 -------- d-----w- c:\documents and settings\laurie\local settings\application data\uTorrent
2011-07-08 11:44:46 -------- d-----w- c:\documents and settings\laurie\application data\uTorrent
2011-07-08 11:38:01 -------- d-----w- c:\program files\QuickPar
2011-07-08 11:18:44 -------- d-----w- c:\program files\Newsbin
2011-07-08 11:18:44 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Newsbin
2011-07-08 10:56:08 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-07-08 10:56:08 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-07-08 10:56:08 1774720 ----a-w- c:\windows\system32\BootMan.exe
2011-07-08 10:56:08 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-07-08 10:56:08 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-07-08 10:55:47 -------- d-----w- c:\program files\EASEUS
2011-07-08 10:49:38 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Mozilla
2011-07-08 10:46:42 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Google
2011-07-08 10:46:25 -------- d-----w- c:\documents and settings\laurie\local settings\application data\Deployment
2011-07-08 10:45:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-08 10:45:35 -------- d-sh--w- c:\documents and settings\laurie\IECompatCache
2011-07-08 10:44:02 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-08 10:43:59 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-07-08 10:43:43 342784 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2011-07-08 10:43:43 332928 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2011-07-08 10:43:43 -------- d-----w- c:\windows\OPTIONS
2011-07-08 10:43:37 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2011-07-08 10:43:37 -------- d-----w- c:\windows\system32\RtlGina
2011-07-06 07:28:33 -------- d-----w- C:\mplayer
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS543216L9SA00 rev.FB2OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865414D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x865477d0]; MOV EAX, [0x8654784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86523AB8]
3 CLASSPNP[0xF7630FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000063[0x865DFAB0]
5 ACPI[0xF74C7620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x865D5D98]
\Driver\atapi[0x865D45A8] -> IRP_MJ_CREATE -> 0x865414D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8654131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:33:16.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2002 5:12:20 AM
System Uptime: 7/11/2011 6:05:27 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1101HA
Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | CPU 1 | 1331/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 46 GiB total, 36.886 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 88.593 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Asus ACPI Driver
ASUS VIBE
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Azurewave Wireless LAN Card
Choice Guard
Compatibility Pack for the 2007 Office system
Data Sync
EASEUS Partition Master 6.1.1 Professional
Easy Mode
EzMessenger
FontResizer
GamePark Console
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator 500
Junk Mail filter update
LiveUpdate
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
Newsbin Pro
QuickPar 0.9
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
Sandlot Games Client Services 1.2.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 4:49:57 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: The system cannot find the path specified. .
7/9/2011 4:49:57 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Roads of Rome\RoadsOfRome.exe. Reference error message: The operation completed successfully. .
7/10/2011 5:31:20 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/10/2011 4:10:17 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
7/10/2011 4:08:46 PM, error: SRService [104] - The System Restore initialization process failed.
7/10/2011 4:08:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00C0CA47A58E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/10/2011 4:01:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/10/2011 3:14:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:14:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2011 3:13:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2011 3:13:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/10/2011 3:01:22 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
7/10/2011 2:21:11 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
Thank you!