Hi: I have a problem with internet search results being redirected to other sites. I understand this is a malware problem. I am trying to follow the 6 step virus/spyware/malware removal instructions.
I completed steps 2 and 4, but I cannot complete step 3. This may be because I don't know how to disable my antivirus.
I am by no means a computer expert, so please bear with me. My machine is running Vipre antivirus enterprise and there is a Vipre client on my machine. One issue is I don't know how to disable this when needed.
I was able to download the Malwarebytes Anti-Malware and run it. It found and removed two threats. The log is as follows:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7976
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/18/2011 6:19:56 PM
mbam-log-2011-10-18 (18-19-56).txt
Scan type: Quick scan
Objects scanned: 221778
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I was not able to get the GMER to run on my machine. This may be because I was unable to disable the Vipre antivirus.
I was able to download and run the DDS. The two logs generated by that program are as follows:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by tommenard at 18:39:38 on 2011-10-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1291 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PCT-SAFE\Firebird\Bin\fbguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PCT-SAFE\Firebird\Bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB2572073-x86.exe
c:\d4fec5a78758ec60f783adc9d2\HotFixInstaller.exe
c:\WINDOWS\system32\MsiExec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080103
uInternet Settings,ProxyServer = hxxp://ALIX-PW3HY3S5JE:8080
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: antimalwareguard.com
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://192.168.16.2/ConnectComputer/nshelp.dll
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks enterprise solutions 8.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\gewopeva.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tommenard\application data\mozilla\firefox\profiles\lvhvtuwf.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: XUL Cache: {CC54F39D-F62A-4D80-989F-BBD563DF4660} - c:\program files\mozilla firefox\extensions\{CC54F39D-F62A-4D80-989F-BBD563DF4660}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-3-31 13400]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-3-4 203056]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\pct-safe\firebird\bin\fbguard.exe -s --> c:\pct-safe\firebird\bin\fbguard.exe -s [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2010-2-21 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-3-31 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-3-29 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2010-2-21 181584]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\pct-safe\firebird\bin\fbserver.exe -s -g --> c:\pct-safe\firebird\bin\fbserver.exe -s -g [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-14 95024]
.
=============== Created Last 30 ================
.
2011-10-18 22:39:02 -------- d-----w- C:\d4fec5a78758ec60f783adc9d2
2011-10-18 22:14:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 21:49:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-18 21:49:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-18 21:15:53 -------- d-----w- c:\documents and settings\tommenard\application data\Malwarebytes
2011-10-18 21:15:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-18 21:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 07:48:17 3615744 ----a-w- c:\windows\system32\SET89.tmp
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:49:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:47:40.19 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/8/2008 1:54:41 PM
System Uptime: 10/18/2011 6:20:43 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 50.452 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP815: 8/6/2011 9:05:54 PM - System Checkpoint
RP816: 8/7/2011 9:06:03 PM - System Checkpoint
RP817: 8/8/2011 10:05:59 PM - System Checkpoint
RP818: 8/9/2011 11:05:54 PM - System Checkpoint
RP819: 8/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP820: 8/11/2011 3:11:30 AM - System Checkpoint
RP821: 8/12/2011 4:11:28 AM - System Checkpoint
RP822: 8/13/2011 5:11:26 AM - System Checkpoint
RP823: 8/14/2011 6:11:27 AM - System Checkpoint
RP824: 8/15/2011 7:11:26 AM - System Checkpoint
RP825: 8/16/2011 8:11:21 AM - System Checkpoint
RP826: 8/17/2011 9:29:24 AM - System Checkpoint
RP827: 8/18/2011 12:07:14 PM - System Checkpoint
RP828: 8/19/2011 12:12:53 PM - System Checkpoint
RP829: 8/20/2011 1:11:10 PM - System Checkpoint
RP830: 8/21/2011 2:11:10 PM - System Checkpoint
RP831: 8/22/2011 2:18:21 PM - System Checkpoint
RP832: 8/23/2011 2:21:34 PM - System Checkpoint
RP833: 8/24/2011 11:06:07 AM - Software Distribution Service 3.0
RP834: 8/25/2011 11:30:58 AM - System Checkpoint
RP835: 8/26/2011 12:10:35 PM - System Checkpoint
RP836: 8/29/2011 12:25:14 PM - System Checkpoint
RP837: 8/30/2011 1:19:11 PM - System Checkpoint
RP838: 8/31/2011 5:14:55 PM - System Checkpoint
RP839: 9/1/2011 6:38:56 PM - System Checkpoint
RP840: 9/2/2011 7:29:47 PM - System Checkpoint
RP841: 9/3/2011 8:29:47 PM - System Checkpoint
RP842: 9/4/2011 9:17:48 PM - System Checkpoint
RP843: 9/5/2011 9:29:48 PM - System Checkpoint
RP844: 9/6/2011 10:24:04 PM - System Checkpoint
RP845: 9/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP846: 9/8/2011 3:06:47 AM - System Checkpoint
RP847: 9/9/2011 4:06:43 AM - System Checkpoint
RP848: 9/10/2011 5:06:34 AM - System Checkpoint
RP849: 9/11/2011 6:06:35 AM - System Checkpoint
RP850: 9/12/2011 7:06:33 AM - System Checkpoint
RP851: 9/13/2011 8:06:34 AM - System Checkpoint
RP852: 9/14/2011 8:18:35 AM - System Checkpoint
RP853: 9/15/2011 9:18:34 AM - System Checkpoint
RP854: 9/16/2011 3:00:21 AM - Software Distribution Service 3.0
RP855: 9/17/2011 3:23:33 AM - System Checkpoint
RP856: 9/18/2011 4:35:34 AM - System Checkpoint
RP857: 9/19/2011 5:23:32 AM - System Checkpoint
RP858: 9/20/2011 6:23:28 AM - System Checkpoint
RP859: 9/21/2011 7:23:16 AM - System Checkpoint
RP860: 9/22/2011 8:23:08 AM - System Checkpoint
RP861: 9/23/2011 9:22:56 AM - System Checkpoint
RP862: 9/24/2011 10:22:54 AM - System Checkpoint
RP863: 9/25/2011 11:22:54 AM - System Checkpoint
RP864: 9/26/2011 12:10:15 PM - System Checkpoint
RP865: 9/27/2011 12:14:22 PM - System Checkpoint
RP866: 9/28/2011 12:22:31 PM - System Checkpoint
RP867: 9/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP868: 9/30/2011 3:22:23 AM - System Checkpoint
RP869: 10/1/2011 4:22:18 AM - System Checkpoint
RP870: 10/2/2011 5:22:18 AM - System Checkpoint
RP871: 10/3/2011 6:22:20 AM - System Checkpoint
RP872: 10/4/2011 7:22:10 AM - System Checkpoint
RP873: 10/5/2011 8:22:01 AM - System Checkpoint
RP874: 10/6/2011 11:10:08 AM - System Checkpoint
RP875: 10/7/2011 11:31:26 AM - System Checkpoint
RP876: 10/8/2011 12:21:46 PM - System Checkpoint
RP877: 10/9/2011 12:21:49 PM - System Checkpoint
RP878: 10/10/2011 1:54:20 PM - System Checkpoint
RP879: 10/11/2011 2:21:28 PM - System Checkpoint
RP880: 10/12/2011 4:20:13 PM - System Checkpoint
RP881: 10/13/2011 5:23:17 PM - System Checkpoint
RP882: 10/14/2011 3:00:16 AM - Software Distribution Service 3.0
RP883: 10/15/2011 3:13:15 AM - System Checkpoint
RP884: 10/16/2011 3:17:45 AM - System Checkpoint
RP885: 10/17/2011 4:17:45 AM - System Checkpoint
RP886: 10/18/2011 5:17:36 AM - System Checkpoint
RP887: 10/18/2011 3:42:48 PM - Restore Operation
RP888: 10/18/2011 3:53:26 PM - Installed Java(TM) 6 Update 29
RP889: 10/18/2011 5:45:43 PM - Restore Operation
RP890: 10/18/2011 6:34:49 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Broadcom ASF Management Applications
Broadcom Management Programs
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CPi IP Management System (Client Server)
CPIImageCtrl
deskPDF 2.5 Professional Edition
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
Google Desktop
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
interneTIFF 7.1-FREE (IE Browser)
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 25
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
PCT-SAFE Online Filing
PowerDVD
QuickBooks Enterprise Solutions 8.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shadow Copy Client
Skype Toolbars
Skype™ 5.0
SmartFTP Client
SmartFTP Client 2.5 Setup Files (remove only)
SolidWorks eDrawings 2009
SolidWorks eDrawings 2010
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Sunbelt Enterprise Agent
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 6:41:03 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ALIXYALERISTAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/18/2011 5:41:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi
10/18/2011 5:40:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/18/2011 3:42:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sbaphd
10/18/2011 3:42:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\gewopeva.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tommenard\application data\mozilla\firefox\profiles\lvhvtuwf.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: XUL Cache: {CC54F39D-F62A-4D80-989F-BBD563DF4660} - c:\program files\mozilla firefox\extensions\{CC54F39D-F62A-4D80-989F-BBD563DF4660}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-3-31 13400]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-3-4 203056]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\pct-safe\firebird\bin\fbguard.exe -s --> c:\pct-safe\firebird\bin\fbguard.exe -s [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2010-2-21 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-3-31 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-3-29 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2010-2-21 181584]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\pct-safe\firebird\bin\fbserver.exe -s -g --> c:\pct-safe\firebird\bin\fbserver.exe -s -g [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-14 95024]
.
=============== Created Last 30 ================
.
2011-10-18 22:39:02 -------- d-----w- C:\d4fec5a78758ec60f783adc9d2
2011-10-18 22:14:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 21:49:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-18 21:49:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-18 21:15:53 -------- d-----w- c:\documents and settings\tommenard\application data\Malwarebytes
2011-10-18 21:15:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-18 21:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 07:48:17 3615744 ----a-w- c:\windows\system32\SET89.tmp
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:49:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:47:40.19 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/8/2008 1:54:41 PM
System Uptime: 10/18/2011 6:20:43 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 50.452 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP815: 8/6/2011 9:05:54 PM - System Checkpoint
RP816: 8/7/2011 9:06:03 PM - System Checkpoint
RP817: 8/8/2011 10:05:59 PM - System Checkpoint
RP818: 8/9/2011 11:05:54 PM - System Checkpoint
RP819: 8/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP820: 8/11/2011 3:11:30 AM - System Checkpoint
RP821: 8/12/2011 4:11:28 AM - System Checkpoint
RP822: 8/13/2011 5:11:26 AM - System Checkpoint
RP823: 8/14/2011 6:11:27 AM - System Checkpoint
RP824: 8/15/2011 7:11:26 AM - System Checkpoint
RP825: 8/16/2011 8:11:21 AM - System Checkpoint
RP826: 8/17/2011 9:29:24 AM - System Checkpoint
RP827: 8/18/2011 12:07:14 PM - System Checkpoint
RP828: 8/19/2011 12:12:53 PM - System Checkpoint
RP829: 8/20/2011 1:11:10 PM - System Checkpoint
RP830: 8/21/2011 2:11:10 PM - System Checkpoint
RP831: 8/22/2011 2:18:21 PM - System Checkpoint
RP832: 8/23/2011 2:21:34 PM - System Checkpoint
RP833: 8/24/2011 11:06:07 AM - Software Distribution Service 3.0
RP834: 8/25/2011 11:30:58 AM - System Checkpoint
RP835: 8/26/2011 12:10:35 PM - System Checkpoint
RP836: 8/29/2011 12:25:14 PM - System Checkpoint
RP837: 8/30/2011 1:19:11 PM - System Checkpoint
RP838: 8/31/2011 5:14:55 PM - System Checkpoint
RP839: 9/1/2011 6:38:56 PM - System Checkpoint
RP840: 9/2/2011 7:29:47 PM - System Checkpoint
RP841: 9/3/2011 8:29:47 PM - System Checkpoint
RP842: 9/4/2011 9:17:48 PM - System Checkpoint
RP843: 9/5/2011 9:29:48 PM - System Checkpoint
RP844: 9/6/2011 10:24:04 PM - System Checkpoint
RP845: 9/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP846: 9/8/2011 3:06:47 AM - System Checkpoint
RP847: 9/9/2011 4:06:43 AM - System Checkpoint
RP848: 9/10/2011 5:06:34 AM - System Checkpoint
RP849: 9/11/2011 6:06:35 AM - System Checkpoint
RP850: 9/12/2011 7:06:33 AM - System Checkpoint
RP851: 9/13/2011 8:06:34 AM - System Checkpoint
RP852: 9/14/2011 8:18:35 AM - System Checkpoint
RP853: 9/15/2011 9:18:34 AM - System Checkpoint
RP854: 9/16/2011 3:00:21 AM - Software Distribution Service 3.0
RP855: 9/17/2011 3:23:33 AM - System Checkpoint
RP856: 9/18/2011 4:35:34 AM - System Checkpoint
RP857: 9/19/2011 5:23:32 AM - System Checkpoint
RP858: 9/20/2011 6:23:28 AM - System Checkpoint
RP859: 9/21/2011 7:23:16 AM - System Checkpoint
RP860: 9/22/2011 8:23:08 AM - System Checkpoint
RP861: 9/23/2011 9:22:56 AM - System Checkpoint
RP862: 9/24/2011 10:22:54 AM - System Checkpoint
RP863: 9/25/2011 11:22:54 AM - System Checkpoint
RP864: 9/26/2011 12:10:15 PM - System Checkpoint
RP865: 9/27/2011 12:14:22 PM - System Checkpoint
RP866: 9/28/2011 12:22:31 PM - System Checkpoint
RP867: 9/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP868: 9/30/2011 3:22:23 AM - System Checkpoint
RP869: 10/1/2011 4:22:18 AM - System Checkpoint
RP870: 10/2/2011 5:22:18 AM - System Checkpoint
RP871: 10/3/2011 6:22:20 AM - System Checkpoint
RP872: 10/4/2011 7:22:10 AM - System Checkpoint
RP873: 10/5/2011 8:22:01 AM - System Checkpoint
RP874: 10/6/2011 11:10:08 AM - System Checkpoint
RP875: 10/7/2011 11:31:26 AM - System Checkpoint
RP876: 10/8/2011 12:21:46 PM - System Checkpoint
RP877: 10/9/2011 12:21:49 PM - System Checkpoint
RP878: 10/10/2011 1:54:20 PM - System Checkpoint
RP879: 10/11/2011 2:21:28 PM - System Checkpoint
RP880: 10/12/2011 4:20:13 PM - System Checkpoint
RP881: 10/13/2011 5:23:17 PM - System Checkpoint
RP882: 10/14/2011 3:00:16 AM - Software Distribution Service 3.0
RP883: 10/15/2011 3:13:15 AM - System Checkpoint
RP884: 10/16/2011 3:17:45 AM - System Checkpoint
RP885: 10/17/2011 4:17:45 AM - System Checkpoint
RP886: 10/18/2011 5:17:36 AM - System Checkpoint
RP887: 10/18/2011 3:42:48 PM - Restore Operation
RP888: 10/18/2011 3:53:26 PM - Installed Java(TM) 6 Update 29
RP889: 10/18/2011 5:45:43 PM - Restore Operation
RP890: 10/18/2011 6:34:49 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Broadcom ASF Management Applications
Broadcom Management Programs
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CPi IP Management System (Client Server)
CPIImageCtrl
deskPDF 2.5 Professional Edition
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
Google Desktop
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
interneTIFF 7.1-FREE (IE Browser)
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 25
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
PCT-SAFE Online Filing
PowerDVD
QuickBooks Enterprise Solutions 8.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shadow Copy Client
Skype Toolbars
Skype™ 5.0
SmartFTP Client
SmartFTP Client 2.5 Setup Files (remove only)
SolidWorks eDrawings 2009
SolidWorks eDrawings 2010
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Sunbelt Enterprise Agent
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 6:41:03 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ALIXYALERISTAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/18/2011 5:41:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi
10/18/2011 5:40:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/18/2011 3:42:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sbaphd
10/18/2011 3:42:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================