Need some help with some virus/malware issues. Was having a bunch of problems starting with getting a BSOD on boot. Was able to get into Safe Mode okay. Scanning revealed a slew of viruses and crap that I was able to clean off. I eventually was able to boot into Windows XP. I have the URL redirect problem along with IE just hanging. I could not even submit this post from IE or Firefox. When I clicked submit it gave me an error.
I have followed the 8-step guide and have posted the logs below. Any help is greatly appreciated.
Step 1 - AV Scan - Revealed TR/Trash.gen. I had this cleaned before but it seems to have come back.
Step 2 - TFC - Ran with no problems.
Step 3 - Malwarebytes - Ran clean.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5121
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/15/2010 1:18:21 PM
mbam-log-2010-11-15 (13-18-21).txt
Scan type: Quick scan
Objects scanned: 154508
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Step 4 - GMER - Had to run from Safe Mode. Found a possible problem.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-15 13:31:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort3 ST3160023A rev.8.01
Running: tgu6pet6.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\kwldrpoc.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8B5B4292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 8B5B4292
Device \Device\Ide\IdeDeviceP3T0L0-10 -> \??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
Step 5 - DDS
DDS.txt
DDS (Ver_10-11-10.01) - NTFSx86
Run by Mike at 13:43:05.35 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2609 [GMT -6:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\chr vpn client\cvpnd.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mike\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; eMusic DLM/3; eMusic DLM/4; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/blue/games/blue_sortclothes.jhtml"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\chrobi~1.lnk - c:\program files\chr vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: chase.com\mfasa
Trusted Zone: yahoo.com\football.fantasysports
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181699082917
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181699259026
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.chrobinson.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.chrobinson.com/dana-cached/sc/JuniperSetupClient.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\q50u967x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-15 64288]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-11-15 3968]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-1 11608]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-15 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-3-16 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-1 185089]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-1 56816]
R2 CVPNDRV;C.H. Robinson, Inc. IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2009-3-17 267335]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-1 233472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-21 10384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-1 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AtiDCM;AtiDCM;\??\c:\documents and settings\mike\local settings\temp\atidcmxx.sys --> c:\documents and settings\mike\local settings\temp\atidcmxx.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-19 98488]
S3 SLACKERDRV;Slacker Portable USB Driver;c:\windows\system32\drivers\SlackerUSB.sys [2008-3-3 20480]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-17 145800]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-17 267760]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-17 218608]
=============== Created Last 30 ================
2010-11-15 15:34:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-15 15:26:40 -------- d-----w- c:\docume~1\mike\locals~1\applic~1\Sunbelt Software
2010-11-15 15:26:02 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-15 14:40:26 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-11-15 14:24:56 -------- d-----w- c:\program files\Sophos
2010-11-15 04:03:38 54016 ----a-w- c:\windows\system32\drivers\tkbp.sys
2010-11-14 23:32:25 54016 ----a-w- c:\windows\system32\drivers\ygbhuw.sys
2010-11-13 16:52:12 -------- d-----w- c:\docume~1\mike\applic~1\Windows Search
2010-11-13 15:42:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-13 15:42:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-01 18:34:00 153600 ----a-w- c:\windows\system32\WS_ContextMenu.dll
2010-11-01 18:33:54 892928 ----a-w- c:\windows\system32\iconv.dll
2010-11-01 18:33:54 675840 ----a-w- c:\windows\system32\ac3filter.ax
2010-11-01 18:33:54 496640 ----a-w- c:\windows\system32\xvid.ax
2010-11-01 18:33:51 -------- d-----w- c:\program files\Wondershare
==================== Find3M ====================
2010-11-13 20:55:33 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160023A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-10
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B7B2446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b7b8504]; MOV EAX, [0x8b7b8580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B75DAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000085[0x8B81C450]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B7C1030]
\Driver\atapi[0x8B7E0270] -> IRP_MJ_CREATE -> 0x8B7B2446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-10 -> \??\IDE#DiskST3160023A______________________________8.01____#4a34315345574e30202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B7B2292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 13:44:59.37 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2009 2:59:14 PM
System Uptime: 11/15/2010 1:38:52 PM (0 hours ago)
Motherboard: BIOSTAR Group | | TA790GX 128M
Processor: AMD Phenom(tm) II X3 710 Processor | CPU 1 | 2600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 128 GiB total, 42.869 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 175.834 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&92
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&92
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&9A
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_37001565&REV_00\3&267A616A&0&9A
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0005
Manufacturer: Microsoft
Name: Packet Scheduler Miniport #6
PNP Device ID: ROOT\MS_PSCHEDMP\0005
Service: PSched
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N75
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP476: 8/18/2010 7:21:42 AM - System Checkpoint
RP477: 8/19/2010 6:14:56 PM - System Checkpoint
RP478: 8/21/2010 8:40:54 AM - System Checkpoint
RP479: 8/22/2010 10:31:42 AM - System Checkpoint
RP480: 8/23/2010 4:53:50 PM - System Checkpoint
RP481: 8/24/2010 5:48:18 PM - System Checkpoint
RP482: 8/25/2010 8:14:17 PM - System Checkpoint
RP483: 8/27/2010 5:11:42 AM - System Checkpoint
RP484: 8/28/2010 11:52:33 AM - System Checkpoint
RP485: 8/29/2010 4:17:11 PM - System Checkpoint
RP486: 8/30/2010 4:51:02 PM - System Checkpoint
RP487: 8/31/2010 8:57:50 PM - System Checkpoint
RP488: 9/2/2010 10:18:36 AM - System Checkpoint
RP489: 9/3/2010 1:36:01 PM - System Checkpoint
RP490: 9/4/2010 3:25:51 PM - System Checkpoint
RP491: 9/6/2010 10:02:13 AM - System Checkpoint
RP492: 9/7/2010 11:26:02 AM - System Checkpoint
RP493: 9/8/2010 11:51:19 AM - System Checkpoint
RP494: 9/9/2010 3:27:28 PM - System Checkpoint
RP495: 9/10/2010 6:24:55 PM - System Checkpoint
RP496: 9/11/2010 8:45:42 PM - System Checkpoint
RP497: 9/12/2010 9:11:32 PM - System Checkpoint
RP498: 9/14/2010 9:01:54 AM - System Checkpoint
RP499: 9/15/2010 4:48:18 PM - System Checkpoint
RP500: 9/16/2010 8:28:05 AM - Software Distribution Service 3.0
RP501: 9/17/2010 3:08:57 PM - System Checkpoint
RP502: 9/18/2010 4:53:02 PM - System Checkpoint
RP503: 9/19/2010 4:58:10 PM - System Checkpoint
RP504: 9/20/2010 5:09:31 PM - System Checkpoint
RP505: 9/21/2010 5:53:05 PM - System Checkpoint
RP506: 9/23/2010 5:15:44 AM - System Checkpoint
RP507: 9/24/2010 7:56:37 AM - System Checkpoint
RP508: 9/25/2010 9:22:21 AM - System Checkpoint
RP509: 9/26/2010 2:18:32 PM - System Checkpoint
RP510: 9/27/2010 4:54:01 PM - System Checkpoint
RP511: 9/28/2010 8:21:30 PM - System Checkpoint
RP512: 9/30/2010 5:42:46 AM - Software Distribution Service 3.0
RP513: 10/1/2010 12:06:27 PM - System Checkpoint
RP514: 10/2/2010 2:10:38 PM - System Checkpoint
RP515: 10/3/2010 5:24:07 PM - System Checkpoint
RP516: 10/4/2010 7:24:41 PM - System Checkpoint
RP517: 10/6/2010 6:40:35 AM - System Checkpoint
RP518: 10/7/2010 12:15:54 PM - System Checkpoint
RP519: 10/8/2010 7:11:09 AM - Software Distribution Service 3.0
RP520: 10/9/2010 8:34:09 AM - System Checkpoint
RP521: 10/10/2010 8:49:13 AM - System Checkpoint
RP522: 10/10/2010 7:00:31 PM - Software Distribution Service 3.0
RP523: 10/11/2010 7:37:43 PM - System Checkpoint
RP524: 10/12/2010 7:55:08 AM - Software Distribution Service 3.0
RP525: 10/13/2010 4:51:28 PM - System Checkpoint
RP526: 10/14/2010 6:41:33 PM - System Checkpoint
RP527: 10/14/2010 9:49:27 PM - Software Distribution Service 3.0
RP528: 10/16/2010 8:50:39 AM - System Checkpoint
RP529: 10/17/2010 11:21:54 AM - System Checkpoint
RP530: 10/18/2010 4:49:43 PM - System Checkpoint
RP531: 10/19/2010 4:54:57 PM - System Checkpoint
RP532: 10/20/2010 5:06:27 PM - System Checkpoint
RP533: 10/22/2010 11:18:20 AM - System Checkpoint
RP534: 10/23/2010 3:16:01 PM - System Checkpoint
RP535: 10/24/2010 3:22:36 PM - System Checkpoint
RP536: 10/30/2010 5:21:36 PM - System Checkpoint
RP537: 10/31/2010 8:55:26 PM - System Checkpoint
RP538: 11/2/2010 11:42:56 AM - System Checkpoint
RP539: 11/3/2010 1:31:20 PM - System Checkpoint
RP540: 11/4/2010 4:24:17 PM - System Checkpoint
RP541: 11/5/2010 5:36:52 PM - System Checkpoint
RP542: 11/6/2010 8:29:45 PM - System Checkpoint
RP543: 11/7/2010 9:45:21 PM - System Checkpoint
RP544: 11/9/2010 9:05:47 AM - System Checkpoint
RP545: 11/10/2010 4:43:44 PM - System Checkpoint
RP546: 11/11/2010 8:58:56 AM - Software Distribution Service 3.0
RP547: 11/13/2010 9:37:41 AM - Restore Operation
RP548: 11/14/2010 9:53:56 AM - Software Distribution Service 3.0
==== Installed Programs ======================
3D Groove Playback Engine
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player
Advanced WindowsCare 2.50 Personal
Alien Swarm
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aspi
ASTRA32 - Advanced System Information Tool 1.54
ASUS Probe V2.20.08
AsusUpdate
ATI Catalyst Install Manager
AudioLabel
AutoStreamer
AVG Anti-Rootkit Free
Avira AntiVir Personal - Free Antivirus
Backup Expert
Bejeweled Deluxe
Big Fish Games Client
Bonjour
Call of Duty
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCHelp
CCleaner
CCScore
CDDRV_Installer
Company of Heroes
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system
CR2
CyberLink DVD Suite
DFX 8 for Windows Media Player
DinoDave2(only remove)
DIY DataRecovery DiskPatch 3
DIY DataRecovery iRecover 2.1
Dreamship Tales
Drive Manager
DVD Shrink 3.2
EC Software TNT Screen Capture 2.1
Elprime Media Recovery 1.5
eMusic Download Manager 4.0.0.5
erLT
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
Folding@home-gpu
Garmin WebUpdater
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Illinois 2009
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HDD Regenerator
HiJackThis
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB933547)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HW Monitor
iCarly - iDream in Toons
ijji Auto Installer
InterActual Player
ISO Recorder
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JumpStart Numbers
JumpStart Pre-K
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Setup Client
Juniper Terminal Services Client
KhalInstallWrapper
Kodak EasyShare software
KSU
LEGO My Style Preschool
Lexmark X6100 Series
LG ODD Auto Firmware Update
LightScribe System Software 1.14.19.1
Logitech SetPoint
Lost Planet: Extreme Condition
Magic Ball 3
Mahjongg Artifacts
Mahjongg Master 5
Malwarebytes' Anti-Malware
Medical Terminology for Health Professions - Patch V2.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Movielink Manager
Mozilla Firefox (3.5.7)
MP3 Recorder Studio 5.8
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Netflix Movie Viewer
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Notifier
Now Playing: A Windows Media Player Plugin
NVIDIA Drivers
NVIDIA nForce Drivers
NVIDIA PhysX
OpenAL
OTtBP
PC Connectivity Solution
PCDLNCH
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Peggle Deluxe
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PlayLinc
PowerProducer
Print to Fax
Puppy Grows & Knows Your Name 1.0
QuickTime
RCA Digital Audio Player (Emusic Series)
Reader Rabbit Reading Ages 4-6
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RoboTask 2.5.1
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sansa Media Converter
Sansa Updater
SATARaid
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SiSoftware Sandra Lite 2009.SP2
Sophos Anti-Rootkit 1.3.1
SpongeBob SquarePants Bubble Rush!
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StarFlyers Alien Space Chase
Steam
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2008
The Elder Scrolls IV: Oblivion
The Print Shop®
Turbine Download Manager - Live
TweakRAM
UBCD4Win 3.04
Understanding Health Insurance, 8th Ed.
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
Verizon Help and Support Tool
Virtools 3D Life Player
VirtualLab Client 5.5.15
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Vision EbooksReader_e
VLC media player 1.0.5
VPN Client
Web Stream Recorder Pro
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Wizard101
WMP Playlist 2.2.1
Wondershare Video Converter Ultimate(Build 5.4.3.0)
XP Codec Pack
Yahoo! Install Manager
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
11/15/2010 8:07:45 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/15/2010 8:06:21 AM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 0000b1bb, parameter3 00000002, parameter4 00000000.
11/14/2010 11:56:59 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/14/2010 10:49:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2010 10:08:08 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:42:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/13/2010 2:42:27 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:41:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2010 2:41:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/13/2010 2:40:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/13/2010 2:40:53 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:40:20 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/13/2010 2:39:42 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/13/2010 2:31:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 2:24:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 2:24:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/13/2010 2:20:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb BIOS BS_I2cIo Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 1:22:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2010 1:21:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/12/2010 5:43:48 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
RP522: 10/10/2010 7:00:31 PM - Software Distribution Service 3.0
RP523: 10/11/2010 7:37:43 PM - System Checkpoint
RP524: 10/12/2010 7:55:08 AM - Software Distribution Service 3.0
RP525: 10/13/2010 4:51:28 PM - System Checkpoint
RP526: 10/14/2010 6:41:33 PM - System Checkpoint
RP527: 10/14/2010 9:49:27 PM - Software Distribution Service 3.0
RP528: 10/16/2010 8:50:39 AM - System Checkpoint
RP529: 10/17/2010 11:21:54 AM - System Checkpoint
RP530: 10/18/2010 4:49:43 PM - System Checkpoint
RP531: 10/19/2010 4:54:57 PM - System Checkpoint
RP532: 10/20/2010 5:06:27 PM - System Checkpoint
RP533: 10/22/2010 11:18:20 AM - System Checkpoint
RP534: 10/23/2010 3:16:01 PM - System Checkpoint
RP535: 10/24/2010 3:22:36 PM - System Checkpoint
RP536: 10/30/2010 5:21:36 PM - System Checkpoint
RP537: 10/31/2010 8:55:26 PM - System Checkpoint
RP538: 11/2/2010 11:42:56 AM - System Checkpoint
RP539: 11/3/2010 1:31:20 PM - System Checkpoint
RP540: 11/4/2010 4:24:17 PM - System Checkpoint
RP541: 11/5/2010 5:36:52 PM - System Checkpoint
RP542: 11/6/2010 8:29:45 PM - System Checkpoint
RP543: 11/7/2010 9:45:21 PM - System Checkpoint
RP544: 11/9/2010 9:05:47 AM - System Checkpoint
RP545: 11/10/2010 4:43:44 PM - System Checkpoint
RP546: 11/11/2010 8:58:56 AM - Software Distribution Service 3.0
RP547: 11/13/2010 9:37:41 AM - Restore Operation
RP548: 11/14/2010 9:53:56 AM - Software Distribution Service 3.0
==== Installed Programs ======================
3D Groove Playback Engine
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Adobe Shockwave Player
Advanced WindowsCare 2.50 Personal
Alien Swarm
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aspi
ASTRA32 - Advanced System Information Tool 1.54
ASUS Probe V2.20.08
AsusUpdate
ATI Catalyst Install Manager
AudioLabel
AutoStreamer
AVG Anti-Rootkit Free
Avira AntiVir Personal - Free Antivirus
Backup Expert
Bejeweled Deluxe
Big Fish Games Client
Bonjour
Call of Duty
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCHelp
CCleaner
CCScore
CDDRV_Installer
Company of Heroes
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system
CR2
CyberLink DVD Suite
DFX 8 for Windows Media Player
DinoDave2(only remove)
DIY DataRecovery DiskPatch 3
DIY DataRecovery iRecover 2.1
Dreamship Tales
Drive Manager
DVD Shrink 3.2
EC Software TNT Screen Capture 2.1
Elprime Media Recovery 1.5
eMusic Download Manager 4.0.0.5
erLT
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
Folding@home-gpu
Garmin WebUpdater
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Illinois 2009
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HDD Regenerator
HiJackThis
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB933547)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HW Monitor
iCarly - iDream in Toons
ijji Auto Installer
InterActual Player
ISO Recorder
iTunes
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JumpStart Numbers
JumpStart Pre-K
Juniper Networks Cache Cleaner 6.2.0
Juniper Networks Setup Client
Juniper Terminal Services Client
KhalInstallWrapper
Kodak EasyShare software
KSU
LEGO My Style Preschool
Lexmark X6100 Series
LG ODD Auto Firmware Update
LightScribe System Software 1.14.19.1
Logitech SetPoint
Lost Planet: Extreme Condition
Magic Ball 3
Mahjongg Artifacts
Mahjongg Master 5
Malwarebytes' Anti-Malware
Medical Terminology for Health Professions - Patch V2.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Movielink Manager
Mozilla Firefox (3.5.7)
MP3 Recorder Studio 5.8
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Netflix Movie Viewer
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Notifier
Now Playing: A Windows Media Player Plugin
NVIDIA Drivers
NVIDIA nForce Drivers
NVIDIA PhysX
OpenAL
OTtBP
PC Connectivity Solution
PCDLNCH
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Peggle Deluxe
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
PlayLinc
PowerProducer
Print to Fax
Puppy Grows & Knows Your Name 1.0
QuickTime
RCA Digital Audio Player (Emusic Series)
Reader Rabbit Reading Ages 4-6
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RoboTask 2.5.1
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sansa Media Converter
Sansa Updater
SATARaid
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SiSoftware Sandra Lite 2009.SP2
Sophos Anti-Rootkit 1.3.1
SpongeBob SquarePants Bubble Rush!
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StarFlyers Alien Space Chase
Steam
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2008
The Elder Scrolls IV: Oblivion
The Print Shop®
Turbine Download Manager - Live
TweakRAM
UBCD4Win 3.04
Understanding Health Insurance, 8th Ed.
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCAMCEN
Verizon Help and Support Tool
Virtools 3D Life Player
VirtualLab Client 5.5.15
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Vision EbooksReader_e
VLC media player 1.0.5
VPN Client
Web Stream Recorder Pro
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Wizard101
WMP Playlist 2.2.1
Wondershare Video Converter Ultimate(Build 5.4.3.0)
XP Codec Pack
Yahoo! Install Manager
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
11/15/2010 8:07:45 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/15/2010 8:06:21 AM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 0000b1bb, parameter3 00000002, parameter4 00000000.
11/14/2010 11:56:59 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/14/2010 10:49:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/14/2010 10:08:15 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2010 10:08:08 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 9:31:21 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:42:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
11/13/2010 2:42:27 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:41:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2010 2:41:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/13/2010 2:40:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/13/2010 2:40:53 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 2:40:20 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/13/2010 2:39:42 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/13/2010 2:31:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 2:24:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 2:24:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/13/2010 2:20:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb BIOS BS_I2cIo Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 2:20:35 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/13/2010 1:22:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2010 1:21:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/12/2010 5:43:48 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================