PalazzoTom
Posts: 6 +0
Hi folks,
I am working on my daughter's laptop after she told me about the redirect problem. I found she had no virus or malware protection. I loaded and ran Norton, MS Essentials, Spy Doctor, and MalwareBytes without any improvement.
Following are the logs from MBAM, GMER, and DDS. I will standby awaiting your sage instructions.
Many thanks to those of you that freely give of your time and expertise.
Tom
******************************
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6923
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6/22/2011 5:21:00 PM
mbam-log-2011-06-22 (17-21-00).txt
Scan type: Quick scan
Objects scanned: 180486
Time elapsed: 11 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
**********************
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-24 23:16:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: 2u1i9kwk.exe; Driver: C:\DOCUME~1\Christy\LOCALS~1\Temp\fflyapod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 8A145E7A
Thread System [4:128] 8A148008
---- EOF - GMER 1.0.15 ----
******************************
.DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Christy at 23:34:55 on 2011-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.462 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\christy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [<NO NAME>]
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open Link Target in Firefox - file://c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308685415186
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://sfgate.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\white sky, inc\id vault\xpcom3\components\IdVault.XPCOM3.dll
FF - component: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\christy\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Calculator: {AA052FD6-366A-4771-A591-0D8DC551585D} - %profile%\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
FF - Ext: ViewInFirefox: {5D558C43-550F-4b12-84AB-0D8ABDA9F975} - %profile%\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}
FF - Ext: FormFox: formfox@daniel.steinbrook - %profile%\extensions\formfox@daniel.steinbrook
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: CacheIt!: {98449521-9320-4257-aa35-9e1a39c8cbe0} - %profile%\extensions\{98449521-9320-4257-aa35-9e1a39c8cbe0}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: Red Cats (green flavor): {dd30bf68-268a-4815-ad48-8740b774c764} - %profile%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-24 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-24 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-24 656320]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-6-24 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-6-24 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-23 25232]
R1 MpKslf514b9da;MpKslf514b9da;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1061d659-ded2-4ac1-aa5a-4afac5295556}\mpkslf514b9da.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1061d659-ded2-4ac1-aa5a-4afac5295556}\MpKslf514b9da.sys [?]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-6-24 136312]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-6-24 130008]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-24 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-24 1150936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-24 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110624.050\IDSXpx86.sys [2011-6-24 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.020\NAVENG.SYS [2011-6-24 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.020\NAVEX15.SYS [2011-6-24 1542392]
S1 MpKslb4c78394;MpKslb4c78394;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be32b7a2-c83d-4f12-a229-56ffec5525da}\mpkslb4c78394.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be32b7a2-c83d-4f12-a229-56ffec5525da}\MpKslb4c78394.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-6-14 60488]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-22 366640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 136176]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-25 06:11:54 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-25 01:43:23 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-25 01:43:22 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-25 01:43:11 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-25 01:42:48 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-25 01:42:48 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-25 01:41:28 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-25 01:39:48 -------- d-----w- c:\program files\common files\PC Tools
2011-06-25 01:39:47 -------- d-----w- c:\program files\PC Tools Security
2011-06-25 01:39:47 -------- d-----w- c:\documents and settings\christy\application data\PC Tools
2011-06-25 01:39:47 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-24 16:51:46 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-06-24 16:51:46 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-06-24 16:51:46 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-06-24 16:51:45 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-06-24 16:51:45 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-06-24 16:51:44 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-06-24 16:51:44 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-06-24 16:51:44 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-06-24 16:50:39 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-06-24 16:42:50 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-06-24 16:42:50 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-24 16:42:49 -------- d-----w- c:\program files\Symantec
2011-06-24 16:42:49 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-24 16:41:46 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-24 16:41:42 -------- d-----w- c:\program files\Norton Security Suite
2011-06-24 06:32:54 -------- d-----w- c:\program files\NortonInstaller
2011-06-24 06:32:54 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-24 06:23:02 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-24 05:55:20 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-06-24 05:55:11 -------- d-----w- c:\documents and settings\christy\local settings\application data\ID Vault
2011-06-24 05:54:03 87624 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-06-24 05:54:03 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-06-24 05:54:03 1590856 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-06-24 05:54:03 129608 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-06-24 05:53:54 -------- d-----w- c:\documents and settings\christy\application data\ID Vault
2011-06-24 05:53:37 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-06-24 05:53:18 -------- d-----w- c:\documents and settings\all users\GID
2011-06-24 05:53:09 -------- d-----w- c:\program files\SFT
2011-06-24 05:52:36 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-06-24 05:46:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-24 05:44:44 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-24 05:44:17 14048 ------w- c:\windows\system32\spmsg2.dll
2011-06-23 17:22:29 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-06-23 00:06:25 -------- d-----w- c:\documents and settings\christy\application data\Malwarebytes
2011-06-23 00:05:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 00:05:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-23 00:04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-22 18:56:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-22 11:57:20 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-22 11:57:20 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-21 16:54:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-21 16:35:18 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-08 04:42:42 -------- d-----w- c:\program files\iPod
2011-06-08 04:42:37 -------- d-----w- c:\program files\iTunes
2011-06-08 04:36:12 -------- d-----w- c:\program files\Bonjour
2011-06-07 21:25:36 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-07 21:25:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-07 21:11:27 -------- d-----w- c:\documents and settings\christy\application data\MSNInstaller
2011-06-07 17:57:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-07 17:57:50 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-06-21 20:50:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 09:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ---ha-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1411ED]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0xf7; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A1CF4F8]
3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\000000ab[0x8A1FC9E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A1ED940]
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8a1411ed
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:35:55.07 ===============
*************************
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/7/2005 9:30:11 PM
System Uptime: 6/24/2011 6:21:45 PM (5 hours ago)
.
Motherboard: DELL SYSTEM | | Inspiron 700m
Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 6.397 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1007: 6/21/2011 12:58:50 PM - Software Distribution Service 3.0
RP1008: 6/21/2011 6:37:10 PM - Removed Java(TM) 6 Update 7
RP1009: 6/22/2011 10:49:03 AM - Software Distribution Service 3.0
RP1010: 6/23/2011 11:26:33 AM - Software Distribution Service 3.0
RP1011: 6/23/2011 10:44:17 PM - Installed %1 %2.
RP1012: 6/23/2011 10:44:34 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1013: 6/24/2011 12:37:17 PM - Software Distribution Service 3.0
RP1014: 6/24/2011 1:42:09 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Broadcom Management Programs
Conexant D480 MDC V.9x Modem
Constant Guard Protection Suite
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell System Restore
Dell Wireless WLAN Utility
DellSupport
Digital Line Detect
Foxit PDF Editor
Foxit Reader
FoxyTunes for Firefox
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GuardedID
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 26
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.6.18)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
My Way Search Assistant
NetWaiting
Norton Security Suite
PCIxx20
Photo Click
PowerDVD 5.1
QuickTime
RealPlayer Basic
SCRABBLE
Scrabble (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx20 drivers.
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/24/2011 6:23:56 PM, error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2011 6:23:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CGPS Service service to connect.
6/24/2011 6:22:56 PM, error: Dhcp [1002] - The IP address lease 192.168.0.139 for the Network Card with network address 000B7D16E4AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/24/2011 10:05:15 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOM-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5618145-AC2E-462. The master browser is stopping or an election is being forced.
6/23/2011 9:53:27 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
6/23/2011 9:50:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
6/23/2011 12:37:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ALG with arguments "" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}
6/23/2011 12:36:52 PM, error: Tcpip [4198] - The system detected an address conflict for IP address 192.168.0.1 with the system having network hardware address 00:1B:11:4B:83:21. The local interface has been disabled.
6/22/2011 5:25:29 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/22/2011 5:25:29 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/21/2011 12:33:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2011 12:04:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
6/21/2011 12:03:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
6/21/2011 12:01:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/21/2011 12:00:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
I am working on my daughter's laptop after she told me about the redirect problem. I found she had no virus or malware protection. I loaded and ran Norton, MS Essentials, Spy Doctor, and MalwareBytes without any improvement.
Following are the logs from MBAM, GMER, and DDS. I will standby awaiting your sage instructions.
Many thanks to those of you that freely give of your time and expertise.
Tom
******************************
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6923
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6/22/2011 5:21:00 PM
mbam-log-2011-06-22 (17-21-00).txt
Scan type: Quick scan
Objects scanned: 180486
Time elapsed: 11 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
**********************
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-24 23:16:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: 2u1i9kwk.exe; Driver: C:\DOCUME~1\Christy\LOCALS~1\Temp\fflyapod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 8A145E7A
Thread System [4:128] 8A148008
---- EOF - GMER 1.0.15 ----
******************************
.DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Christy at 23:34:55 on 2011-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.462 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\christy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [<NO NAME>]
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open Link Target in Firefox - file://c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308685415186
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://sfgate.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\white sky, inc\id vault\xpcom3\components\IdVault.XPCOM3.dll
FF - component: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\firefox\profiles\fq8zfcwt.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\christy\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\christy\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Calculator: {AA052FD6-366A-4771-A591-0D8DC551585D} - %profile%\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
FF - Ext: ViewInFirefox: {5D558C43-550F-4b12-84AB-0D8ABDA9F975} - %profile%\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}
FF - Ext: FormFox: formfox@daniel.steinbrook - %profile%\extensions\formfox@daniel.steinbrook
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: CacheIt!: {98449521-9320-4257-aa35-9e1a39c8cbe0} - %profile%\extensions\{98449521-9320-4257-aa35-9e1a39c8cbe0}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: Red Cats (green flavor): {dd30bf68-268a-4815-ad48-8740b774c764} - %profile%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-24 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-24 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-24 656320]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-6-24 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-6-24 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-23 25232]
R1 MpKslf514b9da;MpKslf514b9da;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1061d659-ded2-4ac1-aa5a-4afac5295556}\mpkslf514b9da.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1061d659-ded2-4ac1-aa5a-4afac5295556}\MpKslf514b9da.sys [?]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-6-24 136312]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-6-24 130008]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-24 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-24 1150936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-24 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110624.050\IDSXpx86.sys [2011-6-24 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.020\NAVENG.SYS [2011-6-24 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.020\NAVEX15.SYS [2011-6-24 1542392]
S1 MpKslb4c78394;MpKslb4c78394;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be32b7a2-c83d-4f12-a229-56ffec5525da}\mpkslb4c78394.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be32b7a2-c83d-4f12-a229-56ffec5525da}\MpKslb4c78394.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-6-14 60488]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-22 366640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 136176]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-25 06:11:54 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-25 01:43:23 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-25 01:43:22 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-25 01:43:11 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-25 01:42:48 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-25 01:42:48 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-25 01:41:28 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-25 01:39:48 -------- d-----w- c:\program files\common files\PC Tools
2011-06-25 01:39:47 -------- d-----w- c:\program files\PC Tools Security
2011-06-25 01:39:47 -------- d-----w- c:\documents and settings\christy\application data\PC Tools
2011-06-25 01:39:47 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-24 16:51:46 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-06-24 16:51:46 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-06-24 16:51:46 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-06-24 16:51:45 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-06-24 16:51:45 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-06-24 16:51:44 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-06-24 16:51:44 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-06-24 16:51:44 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-06-24 16:50:39 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-06-24 16:42:50 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-06-24 16:42:50 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-24 16:42:49 -------- d-----w- c:\program files\Symantec
2011-06-24 16:42:49 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-24 16:41:46 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-24 16:41:42 -------- d-----w- c:\program files\Norton Security Suite
2011-06-24 06:32:54 -------- d-----w- c:\program files\NortonInstaller
2011-06-24 06:32:54 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-24 06:23:02 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-24 05:55:20 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-06-24 05:55:11 -------- d-----w- c:\documents and settings\christy\local settings\application data\ID Vault
2011-06-24 05:54:03 87624 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-06-24 05:54:03 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-06-24 05:54:03 1590856 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-06-24 05:54:03 129608 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-06-24 05:53:54 -------- d-----w- c:\documents and settings\christy\application data\ID Vault
2011-06-24 05:53:37 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-06-24 05:53:18 -------- d-----w- c:\documents and settings\all users\GID
2011-06-24 05:53:09 -------- d-----w- c:\program files\SFT
2011-06-24 05:52:36 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-06-24 05:46:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-24 05:44:44 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-24 05:44:17 14048 ------w- c:\windows\system32\spmsg2.dll
2011-06-23 17:22:29 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-06-23 00:06:25 -------- d-----w- c:\documents and settings\christy\application data\Malwarebytes
2011-06-23 00:05:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 00:05:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-23 00:04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-22 18:56:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-22 11:57:20 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-22 11:57:20 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-21 16:54:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-21 16:35:18 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-08 04:42:42 -------- d-----w- c:\program files\iPod
2011-06-08 04:42:37 -------- d-----w- c:\program files\iTunes
2011-06-08 04:36:12 -------- d-----w- c:\program files\Bonjour
2011-06-07 21:25:36 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-07 21:25:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-07 21:11:27 -------- d-----w- c:\documents and settings\christy\application data\MSNInstaller
2011-06-07 17:57:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-07 17:57:50 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-06-21 20:50:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 09:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ---ha-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1411ED]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0xf7; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A1CF4F8]
3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\000000ab[0x8A1FC9E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A1ED940]
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8a1411ed
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:35:55.07 ===============
*************************
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/7/2005 9:30:11 PM
System Uptime: 6/24/2011 6:21:45 PM (5 hours ago)
.
Motherboard: DELL SYSTEM | | Inspiron 700m
Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 6.397 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1007: 6/21/2011 12:58:50 PM - Software Distribution Service 3.0
RP1008: 6/21/2011 6:37:10 PM - Removed Java(TM) 6 Update 7
RP1009: 6/22/2011 10:49:03 AM - Software Distribution Service 3.0
RP1010: 6/23/2011 11:26:33 AM - Software Distribution Service 3.0
RP1011: 6/23/2011 10:44:17 PM - Installed %1 %2.
RP1012: 6/23/2011 10:44:34 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1013: 6/24/2011 12:37:17 PM - Software Distribution Service 3.0
RP1014: 6/24/2011 1:42:09 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Broadcom Management Programs
Conexant D480 MDC V.9x Modem
Constant Guard Protection Suite
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Networking Guide
Dell Picture Studio v3.0
Dell System Restore
Dell Wireless WLAN Utility
DellSupport
Digital Line Detect
Foxit PDF Editor
Foxit Reader
FoxyTunes for Firefox
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GuardedID
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 26
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.6.18)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
My Way Search Assistant
NetWaiting
Norton Security Suite
PCIxx20
Photo Click
PowerDVD 5.1
QuickTime
RealPlayer Basic
SCRABBLE
Scrabble (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx20 drivers.
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/24/2011 6:23:56 PM, error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2011 6:23:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CGPS Service service to connect.
6/24/2011 6:22:56 PM, error: Dhcp [1002] - The IP address lease 192.168.0.139 for the Network Card with network address 000B7D16E4AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/24/2011 10:05:15 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOM-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5618145-AC2E-462. The master browser is stopping or an election is being forced.
6/23/2011 9:53:27 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
6/23/2011 9:50:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
6/23/2011 12:37:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ALG with arguments "" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}
6/23/2011 12:36:52 PM, error: Tcpip [4198] - The system detected an address conflict for IP address 192.168.0.1 with the system having network hardware address 00:1B:11:4B:83:21. The local interface has been disabled.
6/22/2011 5:25:29 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/22/2011 5:25:29 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/21/2011 12:33:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2011 12:04:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
6/21/2011 12:03:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
6/21/2011 12:01:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/21/2011 12:00:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/21/2011 12:00:19 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================