Hi,
First off thanks for the help. This issue has really been killing me. So a few days ago my computer started regularly giving me a windows error about the Generic Host erroring and having to close. Since then occasionally my searches Firefox will be redirected to a random spam looking page. This doesn't always seem to happen. Also I occasionally get a Threat Blocked from AVG that comes from svchost.exe. The most resent was an "Exploit Pheonix" but I've seen a few different ones. I have ran AVG and it finds nothing. I ran the 8 steps and here are the logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5418
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/4/2011 11:07:41 AM
mbam-log-2011-01-04 (11-07-41).txt
Scan type: Quick scan
Objects scanned: 180304
Time elapsed: 13 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-04 11:39:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120823ASG rev.3.ADD
Running: zi7vxsdd.exe; Driver: C:\DOCUME~1\ksmith\LOCALS~1\Temp\kgtoqpoc.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- System - GMER 1.0.15 ----
SSDT spgw.sys ZwEnumerateKey [0xB7EC8CA2]
SSDT spgw.sys ZwEnumerateValueKey [0xB7EC9030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A75639B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A75639B
Device \Driver\atapi \Device\Ide\IdePort0 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A75639B
Device \Driver\atapi \Device\Ide\IdePort1 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1 8A5591F8
Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1Port2Path0Target0Lun0 8A5591F8
Device \FileSystem\Ntfs \Ntfs 8A7E01F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-12.02) - NTFSx86
Run by ksmith at 11:40:57.92 on Tue 01/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -8:00]
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\DkLog.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkAutoReg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ksmith\My Documents\My Dropbox\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.msn.com
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [VaCtrl] c:\program files\voiceage\common\VaCtrl.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [DkStartup] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkStartup.exe
mRun: [DkAutoReg.exe] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkAutoReg.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\ksmith\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ksmith\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261861118671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274492011630
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: DkWLNP - DkWLNP.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ksmith\applic~1\mozilla\firefox\profiles\7cdheibj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - kungfu7msrv.attdev.mforma.com
FF - prefs.js: network.proxy.http_port - 9109
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\ksmith.mforma\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Woot Watcher: {a92aadf8-193f-4a62-8740-5cce81775afc} - %profile%\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-24 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-24 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-24 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-24 243024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-24 308136]
R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2005-3-18 122880]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SEMC_SDK_Service;SEMC SDK Service;c:\sonyericsson\javame_sdk_cldc\ondevicedebug\lib\jsl.exe [2008-10-21 49152]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-7-16 12480]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-7-16 19232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-9-1 33792]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-8-31 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-7-16 22304]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
=============== Created Last 30 ================
2011-01-04 19:31:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-04 19:31:44 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-03 21:45:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-03 21:45:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-30 01:52:13 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-29 20:09:51 -------- d-----w- c:\docume~1\ksmith\applic~1\Malwarebytes
2010-12-29 20:09:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 20:09:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 20:09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-28 19:57:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-28 19:49:27 -------- d-----w- c:\docume~1\ksmith\locals~1\applic~1\Sunbelt Software
2010-12-15 20:47:38 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:47:16 45568 ------w- c:\windows\system32\dllcache\wab.exe
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A756555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a75c7b0]; MOV EAX, [0x8a75c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6C3AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A71EB80]
\Driver\atapi[0x8A6EC8C0] -> IRP_MJ_CREATE -> 0x8A756555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A75639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:42:57.04 ===============
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2008 12:13:07 PM
System Uptime: 1/4/2011 11:34:51 AM (0 hours ago)
Motherboard: Dell Inc. | | 0WM416
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 31.592 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.2.5
Adobe Stock Photos 1.0
Apple Application Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
AutoUpdate
AVG 9.0
biolsp patch
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
CR9MMsetup
Critical Update for Windows Media Player 11 (KB959772)
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dexster v3.5
Digital Line Detect
Diskeeper 2007 Pro Premier
DivX Codec
DJ Java Decompiler v.3.10.10.93
Document Manager Lite
Dropbox
EditPlus 2
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Ethereal 0.99.0
Flash&Backup
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Gemalto
GemSafe Standard Edition 5.1
GeoTrust Token - iKey 2000 Series v4.7 MU20.3
GNUstep Windows Core 0.22.0
GNUstep Windows Developer 1.0.0
GNUstep Windows System 0.22.0
HexEdit
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
IntelliJ IDEA 7.0.3
IntelliJ IDEA 8.0
IntelliJ IDEA 8.0.1
IntelliJ IDEA 8.1
IntelliJ IDEA 9.0
IntelliSonic Speech Enhancement
Java Auto Updater
Java DB 10.3.1.4
Java(TM) 6 Update 23
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) SE Development Kit 6 Update 6
KhalInstallWrapper
Labeler
LibUSB-Win32-0.1.10.1
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MYMOVIES)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Center SDK 5.3
mIWA
mLogView
mMHouse
MobileAsset
Modem Diagnostic Tool
MotoKup 0.2
Motorola Driver Installation 3.5.0
Motorola iDEN SDK for J2ME (MIDP 2.0)
Mozilla Firefox (3.6.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
MX-700 Editor
MySQL Server 4.1
mZConfig
NetWaiting
Network Stumbler 0.4.0 (remove only)
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
PNGGauntlet
PowerDVD
Preboot Manager
Private Information Manager
ProjectCenter 0.5.0
QuickSet
QuickTime
SafeNet iKey Driver v4.0.0.11
SC Ver 2.70
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Skype Toolbars
Skype™ 4.2
SMS Advanced Client
SnagIt 8
Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform
SPOT xde(R) Player DLL
Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
Spybot - Search & Destroy
SSH Secure Shell
Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
Synergy
TestTrack
TestTrack Pro
TextPad 5
TomTom HOME 2.5.2.60
TortoiseSVN 1.5.2.13595 (32 bit)
Trillian
Trusted Drive Manager
tsp patch
UltraMon
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
VC_MergeModuleToMSI
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.4
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinMerge 2.8.0.0
WinPcap 3.1
WinRAR archiver
YourKit Java Profiler 6.0.16
==== Event Viewer Messages From Past Week ========
12/29/2010 3:18:21 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/29/2010 3:06:25 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/29/2010 12:25:02 PM, error: System Error [1003] - Error code 10000050, parameter1 a2708000, parameter2 00000001, parameter3 8053a5b3, parameter4 00000000.
12/29/2010 12:23:30 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
12/29/2010 11:02:34 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
12/28/2010 4:01:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
12/28/2010 4:01:07 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2011 11:37:44 AM, error: Service Control Manager [7022] - The SQL Server Browser service hung on starting.
1/4/2011 11:16:28 AM, error: Service Control Manager [7034] - The SMS Remote Control Agent service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:28 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Datakey's Token Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SEMC SDK Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Virtual Channel Monitor service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Log Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/4/2011 10:55:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/4/2011 10:53:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/4/2011 10:53:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
Thanks again for the help
-Kevin
First off thanks for the help. This issue has really been killing me. So a few days ago my computer started regularly giving me a windows error about the Generic Host erroring and having to close. Since then occasionally my searches Firefox will be redirected to a random spam looking page. This doesn't always seem to happen. Also I occasionally get a Threat Blocked from AVG that comes from svchost.exe. The most resent was an "Exploit Pheonix" but I've seen a few different ones. I have ran AVG and it finds nothing. I ran the 8 steps and here are the logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5418
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/4/2011 11:07:41 AM
mbam-log-2011-01-04 (11-07-41).txt
Scan type: Quick scan
Objects scanned: 180304
Time elapsed: 13 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-04 11:39:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120823ASG rev.3.ADD
Running: zi7vxsdd.exe; Driver: C:\DOCUME~1\ksmith\LOCALS~1\Temp\kgtoqpoc.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- System - GMER 1.0.15 ----
SSDT spgw.sys ZwEnumerateKey [0xB7EC8CA2]
SSDT spgw.sys ZwEnumerateValueKey [0xB7EC9030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A75639B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A75639B
Device \Driver\atapi \Device\Ide\IdePort0 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A75639B
Device \Driver\atapi \Device\Ide\IdePort1 [B7DE1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1 8A5591F8
Device \Driver\aa8uxesn \Device\Scsi\aa8uxesn1Port2Path0Target0Lun0 8A5591F8
Device \FileSystem\Ntfs \Ntfs 8A7E01F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-12.02) - NTFSx86
Run by ksmith at 11:40:57.92 on Tue 01/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -8:00]
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\DkLog.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\SonyEricsson\JavaME_SDK_CLDC\OnDeviceDebug\lib\jsl.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\GeoTrust\GeoTrust Token\iKey 2000 Series Software\DkAutoReg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\ksmith\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ksmith\My Documents\My Dropbox\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.msn.com
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [VaCtrl] c:\program files\voiceage\common\VaCtrl.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [DkStartup] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkStartup.exe
mRun: [DkAutoReg.exe] c:\program files\geotrust\geotrust token\ikey 2000 series software\DkAutoReg.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\ksmith\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ksmith\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261861118671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274492011630
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: DkWLNP - DkWLNP.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ksmith\applic~1\mozilla\firefox\profiles\7cdheibj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - kungfu7msrv.attdev.mforma.com
FF - prefs.js: network.proxy.http_port - 9109
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\ksmith.mforma\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\ksmith\application data\mozilla\firefox\profiles\7cdheibj.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Woot Watcher: {a92aadf8-193f-4a62-8740-5cce81775afc} - %profile%\extensions\{a92aadf8-193f-4a62-8740-5cce81775afc}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-24 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-24 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-24 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-24 243024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-24 308136]
R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2005-3-18 122880]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SEMC_SDK_Service;SEMC SDK Service;c:\sonyericsson\javame_sdk_cldc\ondevicedebug\lib\jsl.exe [2008-10-21 49152]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2008-7-16 12480]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2008-7-16 19232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-9-1 33792]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-8-31 42112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2008-7-16 22304]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
=============== Created Last 30 ================
2011-01-04 19:31:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-04 19:31:44 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-03 21:45:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-03 21:45:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-30 01:52:13 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-29 20:09:51 -------- d-----w- c:\docume~1\ksmith\applic~1\Malwarebytes
2010-12-29 20:09:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 20:09:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 20:09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-28 19:57:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-28 19:49:27 -------- d-----w- c:\docume~1\ksmith\locals~1\applic~1\Sunbelt Software
2010-12-15 20:47:38 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:47:16 45568 ------w- c:\windows\system32\dllcache\wab.exe
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 00:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A756555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a75c7b0]; MOV EAX, [0x8a75c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6C3AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A71EB80]
\Driver\atapi[0x8A6EC8C0] -> IRP_MJ_CREATE -> 0x8A756555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&266ff5a6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A75639B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:42:57.04 ===============
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/4/2008 12:13:07 PM
System Uptime: 1/4/2011 11:34:51 AM (0 hours ago)
Motherboard: Dell Inc. | | 0WM416
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 31.592 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.2.5
Adobe Stock Photos 1.0
Apple Application Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
AutoUpdate
AVG 9.0
biolsp patch
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
CR9MMsetup
Critical Update for Windows Media Player 11 (KB959772)
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dexster v3.5
Digital Line Detect
Diskeeper 2007 Pro Premier
DivX Codec
DJ Java Decompiler v.3.10.10.93
Document Manager Lite
Dropbox
EditPlus 2
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Ethereal 0.99.0
Flash&Backup
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Gemalto
GemSafe Standard Edition 5.1
GeoTrust Token - iKey 2000 Series v4.7 MU20.3
GNUstep Windows Core 0.22.0
GNUstep Windows Developer 1.0.0
GNUstep Windows System 0.22.0
HexEdit
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
IntelliJ IDEA 7.0.3
IntelliJ IDEA 8.0
IntelliJ IDEA 8.0.1
IntelliJ IDEA 8.1
IntelliJ IDEA 9.0
IntelliSonic Speech Enhancement
Java Auto Updater
Java DB 10.3.1.4
Java(TM) 6 Update 23
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) SE Development Kit 6 Update 6
KhalInstallWrapper
Labeler
LibUSB-Win32-0.1.10.1
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MYMOVIES)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Center SDK 5.3
mIWA
mLogView
mMHouse
MobileAsset
Modem Diagnostic Tool
MotoKup 0.2
Motorola Driver Installation 3.5.0
Motorola iDEN SDK for J2ME (MIDP 2.0)
Mozilla Firefox (3.6.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
MX-700 Editor
MySQL Server 4.1
mZConfig
NetWaiting
Network Stumbler 0.4.0 (remove only)
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
PNGGauntlet
PowerDVD
Preboot Manager
Private Information Manager
ProjectCenter 0.5.0
QuickSet
QuickTime
SafeNet iKey Driver v4.0.0.11
SC Ver 2.70
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Skype Toolbars
Skype™ 4.2
SMS Advanced Client
SnagIt 8
Sony Ericsson SDK 2.5.0.3 (build 1143) for the Java(TM) ME Platform
SPOT xde(R) Player DLL
Sprint Wireless Toolkit 3.3.2 - Powered by Sun Java Technology
Spybot - Search & Destroy
SSH Secure Shell
Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC
Synergy
TestTrack
TestTrack Pro
TextPad 5
TomTom HOME 2.5.2.60
TortoiseSVN 1.5.2.13595 (32 bit)
Trillian
Trusted Drive Manager
tsp patch
UltraMon
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
VC_MergeModuleToMSI
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.4
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinMerge 2.8.0.0
WinPcap 3.1
WinRAR archiver
YourKit Java Profiler 6.0.16
==== Event Viewer Messages From Past Week ========
12/29/2010 3:18:21 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/29/2010 3:06:25 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/29/2010 12:25:02 PM, error: System Error [1003] - Error code 10000050, parameter1 a2708000, parameter2 00000001, parameter3 8053a5b3, parameter4 00000000.
12/29/2010 12:23:30 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
12/29/2010 11:02:34 AM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
12/28/2010 4:01:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
12/28/2010 4:01:07 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2011 11:37:44 AM, error: Service Control Manager [7022] - The SQL Server Browser service hung on starting.
1/4/2011 11:16:28 AM, error: Service Control Manager [7034] - The SMS Remote Control Agent service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:28 AM, error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:27 AM, error: Service Control Manager [7034] - The Datakey's Token Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The SEMC SDK Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:26 AM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Virtual Channel Monitor service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Datakey's Log Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 11:16:25 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/4/2011 10:55:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/4/2011 10:53:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/4/2011 10:53:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2011 10:53:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
Thanks again for the help
-Kevin