Generic Host Process for Win32 Service


  • This topic is locked
3 replies to this topic

#1 judithm

Posted 10 November 2010 - 03:12 PM

The above is the error message I was receiving. I ran the security update 873333 suggested here; however, the computer keeps freezing up. I already ran Malwarebytes, Spybot and onecare.live.com (Microsoft); the last thing I did, prior to the security update 873333 you suggested here, was run eset.com/online-scanner. Apparently there is some kind of a virus that none of these are able to get rid of. This is a Dell OptiPlex 320 computer with Windows XP version 5.1, Service Pack 2, 1GB of RAM. I cannot get any Windows updates, and Internet Explorer does not work all the time; at times when I open it, some sort of website appears, like a supermarket type, with a window that says "you are a winner", and it starts counting. Please help.

Thanks
judithm

After carefully reading your website, I followed the instructions and ran some of the programs you suggest for you to analyze. I am a total novice but I certainly appreciate your help. I know I posted some information yesterday, but I did not know how to get to it to continue adding what I did today. I am still struggling to find everything, and it is the first time I have registered on one of these websites.

Please see attachments.
It is almost impossible to work from this computer, because it freezes and sometimes Internet windows open unstoppably, to the point that I have to turn the computer off.


DDS (Ver_10-11-10.01) - NTFSx86
Run by PaulR at 14:53:49.62 on Thu 11/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.634 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskcgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PaulR\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [GMorphCl] "c:\windows\system32\taskcgr.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\lsp23.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289332547000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 91.206.201.8 avirprotect.microsoft.com
Hosts: 91.206.201.8 avir-protect.com
Hosts: 91.206.201.8 www.avir-protect.com

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-12-14 3456]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 1436454502;1436454502;c:\windows\system32\drivers\1436454502.sys --> c:\windows\system32\drivers\1436454502.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-11-4 50704]

=============== Created Last 30 ================

2010-11-11 19:47:02 -------- d-----w- c:\docume~1\paulr\applic~1\Malwarebytes
2010-11-11 16:26:39 -------- d-----w- c:\docume~1\paulr\locals~1\applic~1\Adobe
2010-11-11 15:52:48 -------- d-----w- c:\docume~1\paulr\locals~1\applic~1\Identities
2010-11-11 14:37:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\iIeBo02099
2010-11-11 14:37:53 38786 ----a-w- c:\windows\system32\taskcgr.exe
2010-11-11 14:37:44 47490 ----a-w- c:\windows\system32\lsp23.dll
2010-11-11 14:37:44 0 ----a-w- c:\windows\system32\lsp23.tmp
2010-11-10 22:26:37 -------- d-s---w- c:\documents and settings\paulr\UserData
2010-11-10 20:49:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-10 20:49:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-09 22:21:42 -------- d-----w- c:\program files\PC Tools Security
2010-11-09 21:52:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-11-09 19:46:12 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{196a083c-f9d0-4f73-8129-253efe4cf2a9}\mpengine.dll
2010-11-09 19:42:56 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-09 17:31:30 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-04 21:46:13 -------- d-----w- c:\program files\ESET
2010-11-04 20:51:47 0 ----a-w- c:\windows\Yronalazahixusoy.bin
2010-11-04 20:50:15 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-11-04 20:50:15 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-11-04 20:50:15 100880 ----a-w- c:\windows\system32\Packet.dll
2010-11-04 20:50:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\dPhMh02001
2010-11-04 20:50:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-10-18 20:20:00 297 ----a-w- C:\XX001.bat

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD080HJ/P rev.ZH100-34 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F15446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85f1b504]; MOV EAX, [0x85f1b580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x85F78AB8]
3 CLASSPNP[0xF750305B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x85EB5270]
\Driver\atapi[0x85FA22B8] -> IRP_MJ_CREATE -> 0x85F15446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskSAMSUNG_HD080HJ#P_______________________ZH100-34#5&6f788e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x85F15292
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:54:37.10 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/22/2007 4:11:24 PM
System Uptime: 11/11/2010 2:48:06 PM (0 hours ago)

Motherboard: Dell Inc. | | 0MH651
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 3000/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 3000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 63.896 GiB free.
D: is CDROM ()
I: is NetworkDisk (NTFS) - 98 GiB total, 43.848 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP617: 8/17/2010 11:42:06 AM - System Checkpoint
RP618: 8/18/2010 2:49:47 PM - System Checkpoint
RP619: 8/20/2010 2:16:32 PM - System Checkpoint
RP620: 8/23/2010 2:29:54 PM - System Checkpoint
RP621: 8/24/2010 3:39:56 PM - System Checkpoint
RP622: 8/26/2010 1:44:44 PM - System Checkpoint
RP623: 8/27/2010 2:35:12 PM - System Checkpoint
RP624: 9/1/2010 2:11:17 PM - System Checkpoint
RP625: 9/3/2010 2:25:41 PM - System Checkpoint
RP626: 9/7/2010 2:02:16 PM - System Checkpoint
RP627: 9/8/2010 3:38:57 PM - System Checkpoint
RP628: 9/10/2010 2:20:02 PM - System Checkpoint
RP629: 9/14/2010 9:55:07 AM - System Checkpoint
RP630: 9/15/2010 3:30:56 PM - System Checkpoint
RP631: 9/15/2010 4:32:16 PM - Software Distribution Service 3.0
RP632: 9/17/2010 1:22:49 PM - System Checkpoint
RP633: 9/20/2010 2:13:39 PM - System Checkpoint
RP634: 9/21/2010 2:43:42 PM - System Checkpoint
RP635: 9/22/2010 3:27:25 PM - System Checkpoint
RP636: 9/27/2010 1:57:22 PM - System Checkpoint
RP637: 9/29/2010 2:10:45 PM - System Checkpoint
RP638: 10/1/2010 1:50:48 PM - System Checkpoint
RP639: 10/5/2010 1:50:25 PM - System Checkpoint
RP640: 10/6/2010 3:04:41 PM - System Checkpoint
RP641: 10/8/2010 2:33:39 PM - System Checkpoint
RP642: 10/11/2010 2:01:43 PM - System Checkpoint
RP643: 10/12/2010 2:57:22 PM - System Checkpoint
RP644: 10/18/2010 2:53:14 PM - System Checkpoint
RP645: 10/18/2010 4:30:19 PM - Software Distribution Service 3.0
RP646: 10/20/2010 11:17:27 AM - System Checkpoint
RP647: 10/21/2010 11:38:45 AM - System Checkpoint
RP648: 10/22/2010 12:18:41 PM - System Checkpoint
RP649: 10/25/2010 2:25:12 PM - System Checkpoint
RP650: 10/26/2010 2:38:28 PM - System Checkpoint
RP651: 10/28/2010 2:17:37 PM - System Checkpoint
RP652: 10/29/2010 3:01:30 PM - System Checkpoint
RP653: 11/1/2010 2:35:37 PM - System Checkpoint
RP654: 11/3/2010 2:38:46 PM - System Checkpoint
RP655: 11/4/2010 3:54:37 PM - Software Distribution Service 3.0
RP656: 11/5/2010 10:08:25 AM - Installed Windows XP KB914882.
RP657: 11/8/2010 7:35:23 AM - Software Distribution Service 3.0
RP658: 11/9/2010 7:45:05 AM - Software Distribution Service 3.0
RP659: 11/10/2010 9:29:17 AM - System Checkpoint
RP660: 11/10/2010 2:46:19 PM - Installed Windows XP KB873333.

==== Installed Programs ======================

Adobe Reader 8.1.1
Adobe® Photoshop® Album Starter Edition 3.2
ATI Catalyst Control Center
ATI Display Driver
Broadcom Management Programs
Dell Support 3.2.1
ESET Online Scanner v3
Fleetminder
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 4200 Uninstaller
IBM iSeries Access for Windows
J2SE Runtime Environment 5.0 Update 6
Lotus Notes 6.5.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft MapPoint North America 2004
Microsoft Office Basic Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN
SearchAssist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SonicWALL Anti-Spam Desktop
SUPERAntiSpyware
System Tool2011
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
URL Assistant
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

11/9/2010 8:37:00 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1257.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/9/2010 8:26:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Imapi
11/9/2010 7:39:04 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
11/9/2010 6:01:24 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/9/2010 5:22:25 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%2147949456
11/9/2010 5:22:20 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/9/2010 2:48:14 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1519.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/9/2010 2:44:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/9/2010 2:05:36 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/8/2010 8:23:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1257.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/8/2010 7:37:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
11/8/2010 11:11:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/8/2010 10:48:58 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/8/2010 10:48:58 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/8/2010 10:31:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips i8042prt Imapi intelppm MpFilter
11/5/2010 10:09:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/5/2010 10:09:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
11/4/2010 5:41:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips i8042prt Imapi intelppm
11/4/2010 5:32:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/4/2010 4:57:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/4/2010 4:48:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
11/4/2010 3:57:25 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/11/2010 9:51:31 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 9:46:19 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/11/2010 9:46:19 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/11/2010 9:24:44 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 8:59:01 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 7:53:41 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 7:31:00 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 2:48:52 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 2:47:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips i8042prt Imapi intelppm MpFilter SASDIFSV SASKUTIL
11/11/2010 2:46:23 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 2:43:39 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 2:39:19 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 12:55:44 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 12:03:06 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 11:33:33 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 11:29:19 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 11:16:21 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 11:06:59 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 11:04:25 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 10:56:01 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 1:18:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
11/11/2010 1:18:14 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2010 1:14:11 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 1:09:58 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 1:07:29 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 1:04:28 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/11/2010 1:00:20 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 9:02:19 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 8:59:13 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 5:10:34 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 4:38:07 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 4:14:07 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 2:48:36 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 2:39:03 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.
11/10/2010 2:04:51 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

==== End Of File ===========================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 15:58:02
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 SAMSUNG_HD080HJ/P rev.ZH100-34
Running: gmer.exe; Driver: C:\DOCUME~1\PaulR\LOCALS~1\Temp\pxtdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xF19ACA00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
.text C:\WINDOWS\System32\svchost.exe[1160] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\wuauclt.exe[3372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\wuauclt.exe[3372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\wuauclt.exe[3372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B3000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85F15292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85F15292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 85F15292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 85F15292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-12 85F15292
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B7CD7C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskSAMSUNG_HD080HJ#P_______________________ZH100-34#5&6f788e1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 156249744 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Merged topics then posts moving result to log forum. ~ OB

Edited by Orange Blossom, 11 November 2010 - 08:49 PM.




#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:12:50 AM

Posted 17 November 2010 - 02:50 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1: Download and Run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

MalWare Removal University Master

Member of ASAP


#3 km2357


Posted 20 November 2010 - 12:57 PM

judithm? Do you still need help?



#4 km2357


Posted 24 November 2010 - 01:40 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





