Hi,
My PC seems to have been infected with the Win32/Heur virus. AVG popped up a message while I was scanning using Malwarebytes, telling me of two cases of the Heur32 virus, both as system32\logoff.exe in Explore.exe and Malwarebytes...\mbam.exe. There was also a virus in the system volume folder as well.
I don't know whether it is related or not, but my PC has had problems booting and has often been freezing on startup.
I have followed the 8 steps and these are the results:
-----------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5098
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/11/2010 23:38:37
mbam-log-2010-11-12 (23-38-37).txt
Scan type: Quick scan
Objects scanned: 135705
Time elapsed: 6 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-12 23:25:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 Promise_ rev.1.10
Running: 0djcum5d.exe; Driver: C:\DOCUME~1\Alan\LOCALS~1\Temp\kxdcifod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
----------------------
DDS (Ver_10-11-10.01) - NTFSx86
Run by Alan at 23:39:46.54 on 12/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.379 [GMT 0:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alan\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Flock Update] "c:\documents and settings\alan\local settings\application data\flock\update\FlockUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\web2~1\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261575492890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258455318328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} - hxxps://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\syste
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\jl009ewv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1807261&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bcfc.co.uk/page/Home/0,,10327,00.html
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\jl009ewv.default\extensions\{ec4df147-b8bd-4b8c-99de-2f618d391d41}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\flock\update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-9-5 77056]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-10-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-10-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-10-8 243024]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-8-27 187392]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-9 308136]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-18 2560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 gupdate1c99a946454e94;Google Update Service (gupdate1c99a946454e94);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-8 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S4 iteraid;iteraid; [x]
S4 Si3112r;Si3112r; [x]
=============== Created Last 30 ================
2010-11-12 10:25:52 -------- d-sh--w- C:\found.000
2010-10-28 20:52:39 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-28 20:52:30 -------- d-----w- c:\program files\XP Codec Pack
2010-10-26 12:40:34 -------- d-----w- c:\docume~1\alan\locals~1\applic~1\Sports Interactive
2010-10-20 11:12:28 -------- d-----w- c:\program files\common files\ODBC
2010-10-20 10:38:48 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-20 10:38:48 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-20 10:38:24 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
==================== Find3M ====================
2010-11-12 23:15:57 1249 --sha-w- c:\windows\system32\mmf.sys
2010-10-12 13:59:08 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-12 13:59:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-12 13:58:03 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-09 10:32:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-08 12:42:08 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-08 12:42:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 04:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 02:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 21:38:06 1249 --sha-w- c:\windows\system32\mmf(2)(8).sys
2010-09-14 15:25:16 1249 --sha-w- c:\windows\system32\mmf(3)(8).sys
2010-09-14 09:16:21 1249 --sha-w- c:\windows\system32\mmf(4)(8).sys
2010-09-13 09:03:11 1249 --sha-w- c:\windows\system32\mmf(5)(7).sys
2010-09-12 22:50:26 1249 --sha-w- c:\windows\system32\mmf(6)(7).sys
2010-09-12 11:41:00 1249 --sha-w- c:\windows\system32\mmf(7)(7).sys
2010-09-11 20:24:53 1249 --sha-w- c:\windows\system32\mmf(8)(7).sys
2010-09-11 11:12:26 1249 --sha-w- c:\windows\system32\mmf(9)(6).sys
2010-09-10 23:14:54 1249 --sha-w- c:\windows\system32\mmf(10)(7).sys
2010-09-10 09:36:35 1249 --sha-w- c:\windows\system32\mmf(11)(6).sys
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 12:05:49 1249 --sha-w- c:\windows\system32\mmf(12)(6).sys
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 09:28:42 1249 --sha-w- c:\windows\system32\mmf(13)(5).sys
2010-09-07 15:06:28 1249 --sha-w- c:\windows\system32\mmf(14)(4).sys
2010-09-07 14:57:01 1249 --sha-w- c:\windows\system32\mmf(15)(4).sys
2010-09-07 14:51:51 1249 --sha-w- c:\windows\system32\mmf(16)(3).sys
2010-09-07 14:49:17 1249 --sha-w- c:\windows\system32\mmf(17)(3).sys
2010-09-07 14:43:47 1249 --sha-w- c:\windows\system32\mmf(18)(3).sys
2010-09-07 14:29:27 1249 --sha-w- c:\windows\system32\mmf(19)(3).sys
2010-09-07 14:22:26 1249 --sha-w- c:\windows\system32\mmf(20)(3).sys
2010-09-07 14:15:37 1249 --sha-w- c:\windows\system32\mmf(21)(3).sys
2010-09-07 14:10:37 1249 --sha-w- c:\windows\system32\mmf(22)(3).sys
2010-09-07 14:02:33 1249 --sha-w- c:\windows\system32\mmf(23)(3).sys
2010-09-07 13:59:51 1249 --sha-w- c:\windows\system32\mmf(24)(4).sys
2010-09-07 13:33:33 1249 --sha-w- c:\windows\system32\mmf(25)(3).sys
2010-09-07 09:29:29 1249 --sha-w- c:\windows\system32\mmf(26)(3).sys
2010-09-06 10:02:54 1249 --sha-w- c:\windows\system32\mmf(27)(3).sys
2010-09-06 09:53:06 1249 --sha-w- c:\windows\system32\mmf(28)(3).sys
2010-09-06 09:33:09 1249 --sha-w- c:\windows\system32\mmf(29)(3).sys
2010-09-05 11:53:07 1249 --sha-w- c:\windows\system32\mmf(30)(3).sys
2010-09-05 10:10:27 1249 --sha-w- c:\windows\system32\mmf(31)(2).sys
2010-09-04 07:38:26 1249 --sha-w- c:\windows\system32\mmf(32)(2).sys
2010-09-03 09:38:12 1249 --sha-w- c:\windows\system32\mmf(33)(2).sys
2010-09-02 09:16:50 1249 --sha-w- c:\windows\system32\mmf(34)(2).sys
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 10:30:58 1249 --sha-w- c:\windows\system32\mmf(35)(2).sys
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 09:30:14 1249 --sha-w- c:\windows\system32\mmf(36)(2).sys
2010-08-30 09:22:26 1249 --sha-w- c:\windows\system32\mmf(37)(2).sys
2010-08-29 11:12:32 1249 --sha-w- c:\windows\system32\mmf(38)(2).sys
2010-08-28 10:36:00 1249 --sha-w- c:\windows\system32\mmf(39)(2).sys
2010-08-27 12:09:24 1249 --sha-w- c:\windows\system32\mmf(40)(2).sys
2010-08-27 11:20:33 1249 --sha-w- c:\windows\system32\mmf(41)(2).sys
2010-08-27 10:31:45 1249 --sha-w- c:\windows\system32\mmf(2)(5).sys
2010-08-27 10:07:54 1249 --sha-w- c:\windows\system32\mmf(3)(5).sys
2010-08-27 09:42:54 1249 --sha-w- c:\windows\system32\mmf(4)(5).sys
2010-08-27 09:26:06 1249 --sha-w- c:\windows\system32\mmf(5)(4).sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 11:18:14 1249 --sha-w- c:\windows\system32\mmf(6)(4).sys
2010-08-25 10:00:59 1249 --sha-w- c:\windows\system32\mmf(7)(4).sys
2010-08-24 09:04:05 1249 --sha-w- c:\windows\system32\mmf(8)(4).sys
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 09:03:38 1249 --sha-w- c:\windows\system32\mmf(9)(4).sys
2010-08-22 09:25:21 1249 --sha-w- c:\windows\system32\mmf(10)(4).sys
2010-08-21 16:50:10 1249 --sha-w- c:\windows\system32\mmf(11)(3).sys
2010-08-20 08:52:19 1249 --sha-w- c:\windows\system32\mmf(12)(3).sys
2010-08-19 09:16:36 1249 --sha-w- c:\windows\system32\mmf(13)(3).sys
2010-08-18 09:24:10 1249 --sha-w- c:\windows\system32\mmf(14)(3).sys
2010-08-17 15:32:08 1249 --sha-w- c:\windows\system32\mmf(15)(2).sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 09:47:45 1249 --sha-w- c:\windows\system32\mmf(16)(2).sys
2010-08-16 09:18:15 1249 --sha-w- c:\windows\system32\mmf(17)(2).sys
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-15 10:10:02 1249 --sha-w- c:\windows\system32\mmf(18)(2).sys
============= FINISH: 23:40:19.03 ===============
------------------------
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22/01/2009 19:10:23
System Uptime: 11/12/2010 23:14:37 (-696 hours ago)
Motherboard: ASUSTeK Computer Inc. | | A8V Deluxe
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2202/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 164.864 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\3&267A616A&0&48
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_130F1043&REV_01\3&267A616A&0&48
Service:
==== System Restore Points ===================
RP1: 12/11/2010 20:40:08 - System Checkpoint
==== Installed Programs ======================
888poker
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDistiller
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AviSynth 2.5
Baseball Mogul 2011
Bonjour
CCleaner
CDBurnerXP
Championship Manager 01-02
CMTacticus
Connect
Creative Audio Console
Creative MediaSource
Creative Software AutoUpdate
Critical Update for Windows Media Player 11 (KB959772)
EA SPORTS(TM) Cricket 07
Flock (3.0.6.4253)
Football Manager 2011 Demo
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
Google Updater
HHD Software Free Hex Editor Neo 4.81
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 970c series (Remove only)
inSSIDer
installation
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 7
kuler
Line-up Viewer
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (June 2008)
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MP3 Player Recovery Tool
Netscape Navigator (9.0.0.6)
NHL Eastside Hockey Manager 2007
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 3.0
Opera 10.63
Paint.NET v3.36
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PokerStars
PowerMenu 1.51
PS3 Video 9 5.04
QuickTime
Rapport
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spotify
Steam
Suite Shared Configuration CS4
System Requirements Lab
TEW2010
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Expression Web 2 (KB957827)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Snooper v2.23.01
Vista For DUMMIES
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR archiver
XP Codec Pack
YouTube Downloader App 2.03
==== Event Viewer Messages From Past Week ========
12/11/2010 23:13:14, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:14, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2010 19:52:53, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.2. The machine with the IP address 192.168.2.6 did not allow the name to be claimed by this machine.
12/11/2010 15:48:02, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/11/2010 15:48:02, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:47:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/11/2010 15:46:47, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/11/2010 15:46:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/11/2010 12:40:28, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/11/2010 01:13:48, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
09/11/2010 10:25:56, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.
08/11/2010 19:53:59, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/11/2010 11:41:01, error: fasttx2k [9] - The device, \Device\Scsi\fasttx2k1, did not respond within the timeout period.
05/11/2010 11:33:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
05/11/2010 11:33:35, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
---------------------
Many Thanks
Alan
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spotify
Steam
Suite Shared Configuration CS4
System Requirements Lab
TEW2010
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Expression Web 2 (KB957827)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Snooper v2.23.01
Vista For DUMMIES
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1 beta5
WinRAR archiver
XP Codec Pack
YouTube Downloader App 2.03
==== Event Viewer Messages From Past Week ========
12/11/2010 23:13:14, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:14, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:13, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:12, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2010 23:13:11, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/11/2010 19:52:53, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.2. The machine with the IP address 192.168.2.6 did not allow the name to be claimed by this machine.
12/11/2010 15:48:02, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
12/11/2010 15:48:02, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:48:02, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/11/2010 15:47:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/11/2010 15:46:47, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/11/2010 15:46:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/11/2010 12:40:28, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/11/2010 01:13:48, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
09/11/2010 10:25:56, error: NetBT [4321] - The name "ANNIE :0" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.4 did not allow the name to be claimed by this machine.
08/11/2010 19:53:59, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0011D8710DC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/11/2010 11:41:01, error: fasttx2k [9] - The device, \Device\Scsi\fasttx2k1, did not respond within the timeout period.
05/11/2010 11:33:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
05/11/2010 11:33:35, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
---------------------
Many Thanks
Alan