jonboysylvan
Posts: 36 +1
Hi team
Have search engine redirect virus. Did various sweeps using several scans before finding you. Trend Micro threw up MARIOFEV.X, Malwarebytes a couple of things I forget, ESET threw up Ramnit, Hitman pro nothing. Still probs with redirects, pop-ups, sites not opening. Then found you. Just done 8 steps. Still same probs. Logs posted below.
Also some possible evidence this is router-related? My wife was first to get this virus last week on work laptop (she works from home). So I assumed it was her putting portable hard drive into my PC that then led to my getting it. But her IT guys at work say they have fully reformatted her PC. She has just opened PC after receiving it back and connected to internet - started getting virus problem again straight away. But hasn't used her hard drive yet.
Anyway, logs here for my PC as prescribed in 8 steps. Please help me/us!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
25/11/2010 22:57:59
mbam-log-2010-11-25 (22-57-59).txt
Scan type: Quick scan
Objects scanned: 111545
Time elapsed: 15 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 23:09:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L020J1 rev.A93.0500
Running: ln2nd3n3.exe; Driver: C:\DOCUME~1\jon\LOCALS~1\Temp\fwrcypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-26.01) - NTFSx86
Run by jon at 23:17:06.69 on 25/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.255.38 [GMT 0:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jon\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\ddkusqlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-24 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-24 60936]
=============== Created Last 30 ================
2010-11-25 23:09:40 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 22:41:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 22:41:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 22:41:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 21:55:39 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 21:51:59 -------- d-----w- c:\docume~1\jon\applic~1\Avira
2010-11-24 21:38:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 21:38:20 -------- d-----w- c:\program files\Avira
2010-11-24 21:38:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-24 20:48:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 20:48:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 20:45:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-24 03:23:51 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-24 03:23:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 03:23:29 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 03:23:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-24 03:22:28 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-24 03:22:17 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-24 03:21:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-24 03:19:45 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 03:18:54 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-24 03:18:53 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-24 03:18:30 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-24 03:18:30 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-24 03:18:29 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-24 03:18:29 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-24 03:18:29 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-24 03:18:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-24 03:18:25 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-24 03:18:24 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-24 03:17:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-24 03:17:22 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-24 03:17:21 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-24 03:17:20 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-24 03:17:20 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-24 03:15:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-24 03:15:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-24 03:12:45 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-24 03:07:39 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-24 03:07:06 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-24 03:06:38 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-24 03:06:36 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-24 03:06:03 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-24 03:06:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-24 03:00:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-23 23:54:32 -------- d-----w- c:\docume~1\jon\locals~1\applic~1\ESET
2010-11-23 23:11:17 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-11-23 22:59:59 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-23 22:54:55 -------- d-----w- c:\windows\ServicePackFiles
2010-11-23 22:54:48 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-11-23 22:47:01 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-23 22:39:36 -------- d-----w- c:\windows\EHome
2010-11-23 07:36:43 -------- d-----w- c:\windows\system32\PreInstall
2010-11-23 07:36:05 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-22 23:12:58 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 09:49:11 -------- d-----w- c:\docume~1\jon\applic~1\Malwarebytes
2010-11-22 09:47:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-21 18:41:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-21 18:41:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-21 18:40:55 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-21 13:50:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-21 13:34:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-20 22:59:12 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
2010-11-20 22:59:11 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2010-11-20 22:58:48 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-20 22:58:38 -------- d-----w- c:\windows\aqmlk
2010-11-20 22:56:56 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-20 22:50:21 1287768 ----a-w- c:\windows\hpzshl01.exe
2010-11-20 22:50:19 1140312 ----a-w- c:\windows\hpzmsi01.exe
2010-11-20 22:32:05 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-11-20 22:31:34 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-11-20 22:31:34 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-11-20 22:31:34 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-11-20 22:31:34 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-11-20 22:31:34 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-11-20 22:31:32 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-11-20 22:30:14 -------- d-----w- c:\program files\HP
2010-11-20 22:14:39 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-20 22:14:39 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-20 22:11:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-20 22:11:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-09 12:35:09 -------- d-----w- c:\program files\Freeciv-2.2.3-gtk2
==================== Find3M ====================
2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec
2010-09-04 12:37:35 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2005-06-20 16:39:35 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
============= FINISH: 23:18:30.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/06/2005 21:12:22
System Uptime: 25/11/2010 22:30:22 (1 hours ago)
Motherboard: | | 8363-686A
Processor: AMD Duron(tm) processor | Slot A | 802/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 3.874 GiB free.
D: is FIXED (NTFS) - 4 GiB total, 3.484 GiB free.
E: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP864: 23/11/2010 23:17:08 - Installed ESET NOD32 Antivirus
RP865: 24/11/2010 03:00:33 - Software Distribution Service 3.0
RP866: 24/11/2010 08:58:05 - Software Distribution Service 3.0
RP867: 24/11/2010 09:26:30 - Installed Windows XP WgaNotify.
RP868: 24/11/2010 20:40:03 - Removed ESET NOD32 Antivirus
RP869: 25/11/2010 03:01:40 - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Adobe SVG Viewer 3.0
AiO_Scan
AutoUpdate
Avira AntiVir Personal - Free Antivirus
DivX
DivX Player
Enterprise
Freeciv 2.2.3 (GTK+ client)
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
HP PSC & Officejet 4.2 Corporate Edition
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft Office XP Professional
Microsoft Visual C Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MS Access 97 SP2
Nero 6 Ultra Edition
PowerDVD
QFolder
RealPlayer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spotify
Symantec Network Drivers Update
Total Commander (Remove or Repair)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3
WinRAR archiver
WinZip
==== Event Viewer Messages From Past Week ========
25/11/2010 09:15:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
25/11/2010 08:11:25, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
23/11/2010 23:11:46, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
23/11/2010 23:11:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
23/11/2010 19:37:09, error: Service Control Manager [7023] - The Windows Installer service terminated with the following error: Overlapped I/O operation is in progress.
23/11/2010 19:23:15, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
23/11/2010 19:23:15, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\aavm4h.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:15, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashBase.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:13:34, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastSvc.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:13:26, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashQuick.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:12:42, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
23/11/2010 19:11:03, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswCmnBS.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:10:52, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswScan.dll. Reference error message: The operation completed successfully. .
23/11/2010 16:55:21, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
23/11/2010 16:55:21, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/11/2010 18:06:41, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\redist.dll. Reference error message: The operation completed successfully. .
21/11/2010 17:53:24, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\setup.exe. Reference error message: The operation completed successfully. .
==== End Of File ===========================
Have search engine redirect virus. Did various sweeps using several scans before finding you. Trend Micro threw up MARIOFEV.X, Malwarebytes a couple of things I forget, ESET threw up Ramnit, Hitman pro nothing. Still probs with redirects, pop-ups, sites not opening. Then found you. Just done 8 steps. Still same probs. Logs posted below.
Also some possible evidence this is router-related? My wife was first to get this virus last week on work laptop (she works from home). So I assumed it was her putting portable hard drive into my PC that then led to my getting it. But her IT guys at work say they have fully reformatted her PC. She has just opened PC after receiving it back and connected to internet - started getting virus problem again straight away. But hasn't used her hard drive yet.
Anyway, logs here for my PC as prescribed in 8 steps. Please help me/us!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
25/11/2010 22:57:59
mbam-log-2010-11-25 (22-57-59).txt
Scan type: Quick scan
Objects scanned: 111545
Time elapsed: 15 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 23:09:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L020J1 rev.A93.0500
Running: ln2nd3n3.exe; Driver: C:\DOCUME~1\jon\LOCALS~1\Temp\fwrcypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-26.01) - NTFSx86
Run by jon at 23:17:06.69 on 25/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.255.38 [GMT 0:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jon\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\ddkusqlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-24 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-24 60936]
=============== Created Last 30 ================
2010-11-25 23:09:40 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 22:41:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 22:41:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 22:41:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 21:55:39 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 21:51:59 -------- d-----w- c:\docume~1\jon\applic~1\Avira
2010-11-24 21:38:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 21:38:20 -------- d-----w- c:\program files\Avira
2010-11-24 21:38:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-24 20:48:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 20:48:16 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 20:45:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-24 03:23:51 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-24 03:23:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 03:23:29 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 03:23:02 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-24 03:22:28 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-24 03:22:17 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-24 03:21:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-24 03:19:45 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 03:18:54 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-24 03:18:53 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-24 03:18:30 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-24 03:18:30 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-24 03:18:29 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-24 03:18:29 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-24 03:18:29 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-24 03:18:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-24 03:18:25 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-24 03:18:24 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-24 03:17:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-24 03:17:22 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-24 03:17:21 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-24 03:17:20 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-24 03:17:20 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-24 03:15:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-24 03:15:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-24 03:12:45 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-24 03:07:39 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-24 03:07:06 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-24 03:06:38 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-24 03:06:36 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-24 03:06:03 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-24 03:06:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-24 03:00:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-23 23:54:32 -------- d-----w- c:\docume~1\jon\locals~1\applic~1\ESET
2010-11-23 23:11:17 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-11-23 22:59:59 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-11-23 22:54:55 -------- d-----w- c:\windows\ServicePackFiles
2010-11-23 22:54:48 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-11-23 22:47:01 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-23 22:39:36 -------- d-----w- c:\windows\EHome
2010-11-23 07:36:43 -------- d-----w- c:\windows\system32\PreInstall
2010-11-23 07:36:05 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-22 23:12:58 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 09:49:11 -------- d-----w- c:\docume~1\jon\applic~1\Malwarebytes
2010-11-22 09:47:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-21 18:41:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-21 18:41:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-21 18:40:55 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-21 13:50:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-21 13:34:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-20 22:59:12 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
2010-11-20 22:59:11 117760 ----a-w- c:\windows\system32\hpz3l5k2.dll
2010-11-20 22:58:48 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-20 22:58:38 -------- d-----w- c:\windows\aqmlk
2010-11-20 22:56:56 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-20 22:50:21 1287768 ----a-w- c:\windows\hpzshl01.exe
2010-11-20 22:50:19 1140312 ----a-w- c:\windows\hpzmsi01.exe
2010-11-20 22:32:05 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-11-20 22:31:34 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-11-20 22:31:34 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-11-20 22:31:34 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-11-20 22:31:34 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-11-20 22:31:34 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-11-20 22:31:32 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-11-20 22:30:14 -------- d-----w- c:\program files\HP
2010-11-20 22:14:39 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-20 22:14:39 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-20 22:11:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-20 22:11:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-09 12:35:09 -------- d-----w- c:\program files\Freeciv-2.2.3-gtk2
==================== Find3M ====================
2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec
2010-09-04 12:37:35 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2005-06-20 16:39:35 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
============= FINISH: 23:18:30.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/06/2005 21:12:22
System Uptime: 25/11/2010 22:30:22 (1 hours ago)
Motherboard: | | 8363-686A
Processor: AMD Duron(tm) processor | Slot A | 802/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 3.874 GiB free.
D: is FIXED (NTFS) - 4 GiB total, 3.484 GiB free.
E: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP864: 23/11/2010 23:17:08 - Installed ESET NOD32 Antivirus
RP865: 24/11/2010 03:00:33 - Software Distribution Service 3.0
RP866: 24/11/2010 08:58:05 - Software Distribution Service 3.0
RP867: 24/11/2010 09:26:30 - Installed Windows XP WgaNotify.
RP868: 24/11/2010 20:40:03 - Removed ESET NOD32 Antivirus
RP869: 25/11/2010 03:01:40 - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Adobe SVG Viewer 3.0
AiO_Scan
AutoUpdate
Avira AntiVir Personal - Free Antivirus
DivX
DivX Player
Enterprise
Freeciv 2.2.3 (GTK+ client)
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
HP PSC & Officejet 4.2 Corporate Edition
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft Office XP Professional
Microsoft Visual C Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MS Access 97 SP2
Nero 6 Ultra Edition
PowerDVD
QFolder
RealPlayer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spotify
Symantec Network Drivers Update
Total Commander (Remove or Repair)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3
WinRAR archiver
WinZip
==== Event Viewer Messages From Past Week ========
25/11/2010 09:15:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
25/11/2010 08:11:25, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
23/11/2010 23:11:46, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
23/11/2010 23:11:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
23/11/2010 19:37:09, error: Service Control Manager [7023] - The Windows Installer service terminated with the following error: Overlapped I/O operation is in progress.
23/11/2010 19:23:15, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
23/11/2010 19:23:15, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\aavm4h.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:15, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:23:09, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashBase.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:13:34, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastSvc.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:13:26, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\ashQuick.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:12:42, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
23/11/2010 19:11:08, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
23/11/2010 19:11:03, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswCmnBS.dll. Reference error message: The operation completed successfully. .
23/11/2010 19:10:52, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\defs\10101100\aswScan.dll. Reference error message: The operation completed successfully. .
23/11/2010 16:55:21, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
23/11/2010 16:55:21, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
21/11/2010 18:32:45, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/11/2010 18:06:41, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\redist.dll. Reference error message: The operation completed successfully. .
21/11/2010 17:53:24, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\jon\Local Settings\Temp\avira_antivir_personal_en\setup.exe. Reference error message: The operation completed successfully. .
==== End Of File ===========================