rootkit (gmer) --


19 replies to this topic

#1 roycer

Posted 28 September 2011 - 03:19 PM

I believe I may have a rootkit problem. My machine started freezing up when coming out of the screensaver. I was able to check the services, and found 374039819:4103779561.exe running. On reboot, although it is just 4++ bytes, it hung up for a while before allowing the rest of the services to load.

My antivirus progs were 'inaccessible,' and could not be deleted (for a clean install). I ended up with Opencloud Security, but was able to download and run malwarebytes, which removed it (I believe). MBAM worked for a while before suffering the same fate as the other progs, but not until I realized it was blocking 'something' from accessing websites. I am assuming this is how Opencloud reached my 'puter.

I cannot run any helper programs in a normal boot. I can, however, boot to safe mode and/or safe mode with networking, although I was having problems for a while (the boot hung at mup.sys - this seems corrected). I ran DDS and GMER while in safe mode. The DDS logs are below, but there was no way to save the GMER log without copying it explicitly. I am rerunning the scan to get the full log. The problem was that there was no 'copy' or 'save' button on my screen. I would assume that this is because safe mode puts me at 600x800, and the GMER display is larger than that. If not, I have no idea.

In normal boot, there is a svchost error at the user screen.

I normally don't run more than one antivirus, but you may see more than that in the logs.

This is a business computer, and while I can survive for a while in safe mode, I appreciate your help. Please let me know what you need me to do.

roycer

dds:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Main at 11:05:58 on 2011-09-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.830 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rktrust.com/
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: cyclonecommerce.com
Trusted Zone: deaecom.gov
Trusted Zone: dell.com
Trusted Zone: mckesson.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} - hxxp://24.249.159.30:8013/ocxfile/DownLoad.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://24.249.156.60//WebDvr3.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rx.webex.com/client/T26L/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{4DB0FCD1-AE57-4A69-93AA-DB97B1D84894} : NameServer = 68.12.16.30,68.1.200.30
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S0 udjy;udjy;c:\windows\system32\drivers\oaea.sys --> c:\windows\system32\drivers\oaea.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 CycloneService;CycloneService;c:\cyclone\b1572\bin\CycloneService.exe [2007-11-19 94208]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-7 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-17 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-8-17 47640]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-27 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-27 22216]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-27 19:34:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-27 18:27:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 16:21:44 -------- d-----w- c:\documents and settings\main\application data\SUPERAntiSpyware.com
2011-09-27 16:21:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 16:21:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-27 15:06:03 388096 ----a-r- c:\documents and settings\main\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-27 15:06:03 -------- d-----w- C:\ttt
2011-09-26 19:42:50 -------- d-----w- C:\Trend Micro
2011-09-26 19:38:43 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-26 19:26:42 -------- d-----w- c:\documents and settings\main\local settings\application data\PackageAware
2011-09-26 16:53:57 -------- d-----w- c:\documents and settings\main\application data\VZqhYCwkUrOtPuS
2011-09-26 16:53:56 -------- d-----w- c:\documents and settings\main\application data\l4pmH5sQJdLg
2011-09-26 15:55:49 -------- d-----w- c:\documents and settings\main\application data\kvD2onF4pHs
2011-09-26 15:55:49 -------- d-----w- c:\documents and settings\main\application data\dEL8gTZqhCkVlNx
2011-09-26 15:41:20 -------- d-----w- c:\documents and settings\main\application data\Malwarebytes
2011-09-26 15:41:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-26 15:41:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 14:52:38 -------- d-----w- c:\documents and settings\main\application data\HL9hTXqjUeIrPyA
2011-09-26 14:52:37 -------- d-----w- c:\documents and settings\main\application data\zcS1ibD3pGaHdKf
2011-09-23 21:15:21 -------- d-----w- C:\iPNycA1uv2n4m5W
2011-09-23 21:14:53 -------- d-----w- C:\igRZ9hYXwUeOtPy
2011-09-23 19:08:14 -------- d-----w- c:\documents and settings\main\application data\AVG2012
2011-09-23 19:05:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-23 19:05:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-23 19:03:59 -------- d-----w- c:\program files\AVG
2011-09-23 19:01:11 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-23 19:00:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-23 18:06:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-23 18:06:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-29 13:36:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 14:23:59 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-17 14:23:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-17 14:23:59 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 14:23:59 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 11:07:23.93 ===============


attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/19/2004 11:44:10 AM
System Uptime: 9/28/2011 11:04:33 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 37.376 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2554: 6/25/2011 12:09:52 PM - System Checkpoint
RP2555: 6/26/2011 1:09:52 PM - System Checkpoint
RP2556: 6/27/2011 5:42:28 PM - System Checkpoint
RP2557: 6/28/2011 6:09:52 PM - System Checkpoint
RP2558: 6/29/2011 3:00:18 AM - Software Distribution Service 3.0
RP2559: 6/30/2011 3:21:45 AM - System Checkpoint
RP2560: 7/1/2011 3:23:37 AM - System Checkpoint
RP2561: 7/2/2011 4:23:37 AM - System Checkpoint
RP2562: 7/3/2011 5:23:38 AM - System Checkpoint
RP2563: 7/4/2011 6:23:38 AM - System Checkpoint
RP2564: 7/5/2011 7:23:37 AM - System Checkpoint
RP2565: 7/6/2011 8:48:50 AM - System Checkpoint
RP2566: 7/7/2011 10:26:14 AM - System Checkpoint
RP2567: 7/8/2011 2:27:40 PM - System Checkpoint
RP2568: 7/9/2011 3:21:35 PM - System Checkpoint
RP2569: 7/10/2011 4:21:33 PM - System Checkpoint
RP2570: 7/11/2011 4:35:35 PM - System Checkpoint
RP2571: 7/12/2011 5:47:54 PM - System Checkpoint
RP2572: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP2573: 7/14/2011 3:28:59 AM - System Checkpoint
RP2574: 7/15/2011 4:28:59 AM - System Checkpoint
RP2575: 7/16/2011 5:28:59 AM - System Checkpoint
RP2576: 7/17/2011 6:28:59 AM - System Checkpoint
RP2577: 7/18/2011 7:28:59 AM - System Checkpoint
RP2578: 7/19/2011 10:41:17 AM - System Checkpoint
RP2579: 7/20/2011 11:40:59 AM - System Checkpoint
RP2580: 7/21/2011 5:36:52 PM - System Checkpoint
RP2581: 7/22/2011 6:00:48 PM - System Checkpoint
RP2582: 7/23/2011 6:28:59 PM - System Checkpoint
RP2583: 7/24/2011 7:29:00 PM - System Checkpoint
RP2584: 7/25/2011 8:26:45 PM - System Checkpoint
RP2585: 7/26/2011 8:28:59 PM - System Checkpoint
RP2586: 7/27/2011 9:29:01 PM - System Checkpoint
RP2587: 7/28/2011 10:28:59 PM - System Checkpoint
RP2588: 7/29/2011 7:36:26 AM - Printer Driver LogMeIn Printer Driver Installed
RP2589: 7/30/2011 7:38:30 AM - System Checkpoint
RP2590: 7/31/2011 9:35:27 AM - System Checkpoint
RP2591: 8/1/2011 11:20:14 AM - System Checkpoint
RP2592: 8/2/2011 11:38:30 AM - System Checkpoint
RP2593: 8/3/2011 12:39:35 PM - System Checkpoint
RP2594: 8/4/2011 1:50:33 PM - System Checkpoint
RP2595: 8/5/2011 1:57:24 PM - System Checkpoint
RP2596: 8/6/2011 2:38:30 PM - System Checkpoint
RP2597: 8/7/2011 3:38:30 PM - System Checkpoint
RP2598: 8/8/2011 5:49:13 PM - System Checkpoint
RP2599: 8/9/2011 6:38:30 PM - System Checkpoint
RP2600: 8/10/2011 8:18:42 AM - Software Distribution Service 3.0
RP2601: 8/11/2011 1:35:48 PM - System Checkpoint
RP2602: 8/12/2011 3:07:15 PM - System Checkpoint
RP2603: 8/13/2011 3:12:52 PM - System Checkpoint
RP2604: 8/14/2011 4:12:53 PM - System Checkpoint
RP2605: 8/15/2011 5:06:19 PM - System Checkpoint
RP2606: 8/16/2011 5:56:24 PM - System Checkpoint
RP2607: 8/17/2011 6:01:02 PM - System Checkpoint
RP2608: 8/18/2011 6:15:50 PM - System Checkpoint
RP2609: 8/19/2011 6:49:58 PM - System Checkpoint
RP2610: 8/20/2011 7:49:59 PM - System Checkpoint
RP2611: 8/21/2011 8:49:59 PM - System Checkpoint
RP2612: 8/22/2011 9:49:59 PM - System Checkpoint
RP2613: 8/23/2011 10:49:59 PM - System Checkpoint
RP2614: 8/24/2011 11:49:59 PM - System Checkpoint
RP2615: 8/25/2011 3:00:17 AM - Software Distribution Service 3.0
RP2616: 8/26/2011 3:50:00 AM - System Checkpoint
RP2617: 8/27/2011 4:50:00 AM - System Checkpoint
RP2618: 8/28/2011 5:49:59 AM - System Checkpoint
RP2619: 8/29/2011 6:49:59 AM - System Checkpoint
RP2620: 8/30/2011 7:49:59 AM - System Checkpoint
RP2621: 8/31/2011 9:50:23 AM - System Checkpoint
RP2622: 9/1/2011 3:18:02 PM - System Checkpoint
RP2623: 9/2/2011 4:30:40 PM - System Checkpoint
RP2624: 9/3/2011 4:50:00 PM - System Checkpoint
RP2625: 9/4/2011 5:49:59 PM - System Checkpoint
RP2626: 9/5/2011 6:49:58 PM - System Checkpoint
RP2627: 9/6/2011 7:49:59 PM - System Checkpoint
RP2628: 9/7/2011 8:49:59 PM - System Checkpoint
RP2629: 9/8/2011 3:00:16 AM - Software Distribution Service 3.0
RP2630: 9/9/2011 3:21:42 AM - System Checkpoint
RP2631: 9/10/2011 4:21:42 AM - System Checkpoint
RP2632: 9/11/2011 5:21:41 AM - System Checkpoint
RP2633: 9/12/2011 6:21:42 AM - System Checkpoint
RP2634: 9/13/2011 7:21:41 AM - System Checkpoint
RP2635: 9/14/2011 8:35:01 AM - System Checkpoint
RP2636: 9/15/2011 9:40:05 AM - System Checkpoint
RP2637: 9/16/2011 3:00:16 AM - Software Distribution Service 3.0
RP2638: 9/17/2011 3:59:44 AM - System Checkpoint
RP2639: 9/18/2011 4:59:44 AM - System Checkpoint
RP2640: 9/19/2011 5:59:44 AM - System Checkpoint
RP2641: 9/20/2011 6:59:44 AM - System Checkpoint
RP2642: 9/22/2011 11:31:15 AM - System Checkpoint
RP2643: 9/23/2011 11:55:11 AM - Removed HiJackThis
RP2644: 9/23/2011 11:55:44 AM - Installed HiJackThis
RP2645: 9/23/2011 12:05:02 PM - Restore Operation
RP2646: 9/26/2011 8:05:02 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Ask Toolbar
Avery Wizard 3.1
AVG 2012
Banctec Service Agreement
Broadcom Management Programs
Canon MF Drivers
Canon MF4360-4390
Dell Digital Jukebox Driver
Dell Networking Guide
Dell Photo Printer 720
Dell Solution Center
DellSupport
FileZilla Client 3.1.2
Help and Support Customization
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java™ 6 Update 23
Lexmark Printer Software Uninstall
LogMeIn
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Basic Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Modem Event Monitor
Modem Helper
Modem On Hold
QuickBooks Premier: Retail Edition 2004
RemotePlayback
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebCam
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
9/27/2011 9:45:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/27/2011 9:40:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix Fips intelppm
9/27/2011 11:54:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix Fips intelppm SASDIFSV SASKUTIL
9/27/2011 10:19:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
9/27/2011 10:19:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
9/27/2011 1:26:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
9/26/2011 9:56:29 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
9/26/2011 9:56:11 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 7:37:52 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/26/2011 7:37:43 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7022] - The Server service hung on starting.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/26/2011 7:28:29 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:26 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
9/26/2011 12:25:42 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2011 12:22:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/26/2011 11:34:03 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/26/2011 10:53:27 AM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/26/2011 1:51:59 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 1:51:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 1:51:43 PM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
9/26/2011 1:43:07 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:39:44 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/26/2011 1:23:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: The system cannot find the file specified.
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2011 1:23:10 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: The system cannot find the file specified.
9/26/2011 1:14:04 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
9/26/2011 1:13:56 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/23/2011 2:33:04 PM, error: Service Control Manager [7022] - The Workstation service hung on starting.
9/23/2011 2:33:04 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:33:04 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The pipe state is invalid.
9/23/2011 2:28:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/23/2011 2:26:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/23/2011 2:25:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
9/23/2011 2:25:20 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2011 2:09:51 PM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The pipe state is invalid.
9/23/2011 12:51:16 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
9/23/2011 12:21:48 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
9/23/2011 12:21:48 PM, error: Service Control Manager [7000] - The System Event Notification service failed to start due to the following error: The pipe state is invalid.
9/23/2011 12:21:48 PM, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe state is invalid.
9/23/2011 12:20:29 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/23/2011 12:13:46 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer2.
9/23/2011 1:07:59 PM, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:29 AM

Posted 29 September 2011 - 05:35 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 roycer

roycer
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 30 September 2011 - 01:19 PM

First I want to apologize, because I am not a very good trooper. I got antsy and ran tdsskiller on my machine. Then I got your message. I ran gmer again (log below), then tdsskiller again (log below) and then finally combofix. Combofix restarted the machine several times, but seems to think we're clear. Log below.

I kneel to your mercy at letting me know if everything is all screwed up now!

(For business purposes, there are several programs, including java, that I cannot update, were you to suggest it. B) )

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-30 10:32:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75FJA1 rev.14.03G14
Running: gmer.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pxtdapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? pevclq.sys The system cannot find the file specified. !
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7840760]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB49036$\1067403649 0 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734 0 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\bckfg.tmp 849 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\cfg.ini 351 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\kwrd.dll 208896 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\L 0 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\L\asobptkf 64512 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\lsflt7.ver 1205 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\U 0 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\U\00000002.@ 209920 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\U\80000000.@ 2560 bytes
File C:\WINDOWS\$NtUninstallKB49036$\191187734\U\80000032.@ 71168 bytes

---- EOF - GMER 1.0.15 ----




10:33:01.0000 1984 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
10:33:01.0687 1984 ============================================================
10:33:01.0687 1984 Current date / time: 2011/09/30 10:33:01.0687
10:33:01.0687 1984 SystemInfo:
10:33:01.0687 1984
10:33:01.0687 1984 OS Version: 5.1.2600 ServicePack: 3.0
10:33:01.0687 1984 Product type: Workstation
10:33:01.0687 1984 ComputerName: DESK
10:33:01.0687 1984 UserName: Main
10:33:01.0687 1984 Windows directory: C:\WINDOWS
10:33:01.0687 1984 System windows directory: C:\WINDOWS
10:33:01.0687 1984 Processor architecture: Intel x86
10:33:01.0687 1984 Number of processors: 1
10:33:01.0687 1984 Page size: 0x1000
10:33:01.0687 1984 Boot type: Normal boot
10:33:01.0687 1984 ============================================================
10:33:03.0531 1984 Initialize success
10:33:05.0500 3856 ============================================================
10:33:05.0500 3856 Scan started
10:33:05.0500 3856 Mode: Manual;
10:33:05.0500 3856 ============================================================
10:33:59.0515 3856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:33:59.0531 3856 Msfs - ok
10:33:59.0937 3856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:33:59.0953 3856 MSKSSRV - ok
10:34:00.0359 3856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:34:00.0375 3856 MSPCLOCK - ok
10:34:00.0796 3856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:34:00.0812 3856 MSPQM - ok
10:34:01.0218 3856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:34:01.0234 3856 mssmbios - ok
10:34:01.0671 3856 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:34:01.0703 3856 Mup - ok
10:34:02.0093 3856 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
10:34:02.0093 3856 MxlW2k - ok
10:34:02.0562 3856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:34:02.0609 3856 NDIS - ok
10:34:02.0984 3856 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:34:02.0984 3856 NdisTapi - ok
10:34:03.0359 3856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:34:03.0375 3856 Ndisuio - ok
10:34:03.0781 3856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:34:03.0812 3856 NdisWan - ok
10:34:04.0203 3856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:34:04.0218 3856 NDProxy - ok
10:34:04.0671 3856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:34:04.0671 3856 NetBIOS - ok
10:34:05.0156 3856 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:34:05.0218 3856 NetBT - ok
10:34:05.0750 3856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:34:05.0750 3856 Npfs - ok
10:34:06.0312 3856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:34:06.0500 3856 Ntfs - ok
10:34:06.0859 3856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:34:06.0859 3856 Null - ok
10:34:07.0890 3856 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:34:08.0531 3856 nv - ok
10:34:08.0875 3856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:34:08.0875 3856 NwlnkFlt - ok
10:34:09.0203 3856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:34:09.0218 3856 NwlnkFwd - ok
10:34:09.0578 3856 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
10:34:09.0593 3856 omci - ok
10:34:09.0984 3856 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
10:34:10.0000 3856 P3 - ok
10:34:10.0406 3856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:34:10.0437 3856 Parport - ok
10:34:10.0875 3856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:34:10.0890 3856 PartMgr - ok
10:34:11.0312 3856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:34:11.0312 3856 ParVdm - ok
10:34:11.0750 3856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:34:11.0765 3856 PCI - ok
10:34:12.0109 3856 PCIDump - ok
10:34:12.0390 3856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:34:12.0390 3856 PCIIde - ok
10:34:12.0859 3856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:34:12.0890 3856 Pcmcia - ok
10:34:13.0218 3856 PDCOMP - ok
10:34:13.0468 3856 PDFRAME - ok
10:34:13.0718 3856 PDRELI - ok
10:34:13.0953 3856 PDRFRAME - ok
10:34:14.0250 3856 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
10:34:14.0265 3856 perc2 - ok
10:34:14.0609 3856 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
10:34:14.0609 3856 perc2hib - ok
10:34:15.0015 3856 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:34:15.0031 3856 PptpMiniport - ok
10:34:15.0406 3856 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:34:15.0437 3856 Processor - ok
10:34:15.0859 3856 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:34:15.0875 3856 PSched - ok
10:34:16.0234 3856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:34:16.0234 3856 Ptilink - ok
10:34:16.0718 3856 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:34:16.0734 3856 PxHelp20 - ok
10:34:17.0140 3856 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
10:34:17.0156 3856 ql1080 - ok
10:34:17.0500 3856 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
10:34:17.0515 3856 Ql10wnt - ok
10:34:17.0859 3856 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
10:34:17.0875 3856 ql12160 - ok
10:34:18.0218 3856 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
10:34:18.0234 3856 ql1240 - ok
10:34:18.0656 3856 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
10:34:18.0671 3856 ql1280 - ok
10:34:19.0078 3856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:34:19.0078 3856 RasAcd - ok
10:34:19.0468 3856 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:34:19.0500 3856 Rasl2tp - ok
10:34:19.0921 3856 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:34:19.0937 3856 RasPppoe - ok
10:34:20.0296 3856 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:34:20.0312 3856 Raspti - ok
10:34:20.0890 3856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:34:20.0937 3856 Rdbss - ok
10:34:21.0359 3856 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:34:21.0359 3856 RDPCDD - ok
10:34:21.0703 3856 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:34:21.0765 3856 rdpdr - ok
10:34:22.0171 3856 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:34:22.0218 3856 RDPWD - ok
10:34:22.0765 3856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:34:22.0781 3856 redbook - ok
10:34:23.0218 3856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:34:23.0234 3856 Secdrv - ok
10:34:23.0640 3856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:34:23.0656 3856 serenum - ok
10:34:24.0062 3856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:34:24.0078 3856 Serial - ok
10:34:24.0453 3856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:34:24.0468 3856 Sfloppy - ok
10:34:24.0843 3856 Simbad - ok
10:34:25.0156 3856 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
10:34:25.0171 3856 sisagp - ok
10:34:25.0750 3856 smwdm (99a9e1ef62f955c82a5001ac94b4b77b) C:\WINDOWS\system32\drivers\smwdm.sys
10:34:25.0953 3856 smwdm - ok
10:34:26.0296 3856 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
10:34:26.0296 3856 Sparrow - ok
10:34:26.0718 3856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:34:26.0718 3856 splitter - ok
10:34:27.0156 3856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:34:27.0171 3856 sr - ok
10:34:27.0703 3856 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:34:27.0812 3856 Srv - ok
10:34:28.0265 3856 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:34:28.0265 3856 sscdbhk5 - ok
10:34:28.0734 3856 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
10:34:28.0734 3856 ssrtln - ok
10:34:29.0156 3856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:34:29.0171 3856 swenum - ok
10:34:29.0546 3856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:34:29.0562 3856 swmidi - ok
10:34:29.0953 3856 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
10:34:29.0953 3856 symc810 - ok
10:34:30.0296 3856 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
10:34:30.0296 3856 symc8xx - ok
10:34:30.0703 3856 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
10:34:30.0718 3856 sym_hi - ok
10:34:31.0125 3856 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
10:34:31.0125 3856 sym_u3 - ok
10:34:31.0515 3856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:34:31.0546 3856 sysaudio - ok
10:34:32.0046 3856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:34:32.0156 3856 Tcpip - ok
10:34:32.0546 3856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:34:32.0546 3856 TDPIPE - ok
10:34:32.0968 3856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:34:32.0984 3856 TDTCP - ok
10:34:33.0343 3856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:34:33.0359 3856 TermDD - ok
10:34:33.0750 3856 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
10:34:33.0765 3856 tfsnboio - ok
10:34:34.0203 3856 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
10:34:34.0218 3856 tfsncofs - ok
10:34:34.0593 3856 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
10:34:34.0593 3856 tfsndrct - ok
10:34:34.0984 3856 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
10:34:34.0984 3856 tfsndres - ok
10:34:35.0343 3856 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
10:34:35.0375 3856 tfsnifs - ok
10:34:35.0796 3856 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
10:34:35.0796 3856 tfsnopio - ok
10:34:36.0203 3856 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
10:34:36.0203 3856 tfsnpool - ok
10:34:36.0609 3856 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
10:34:36.0656 3856 tfsnudf - ok
10:34:37.0046 3856 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
10:34:37.0078 3856 tfsnudfa - ok
10:34:37.0421 3856 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
10:34:37.0437 3856 TosIde - ok
10:34:37.0843 3856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:34:37.0859 3856 Udfs - ok
10:34:38.0187 3856 udjy - ok
10:34:38.0453 3856 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
10:34:38.0468 3856 ultra - ok
10:34:39.0031 3856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:34:39.0156 3856 Update - ok
10:34:39.0593 3856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:34:39.0609 3856 usbccgp - ok
10:34:40.0109 3856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:34:40.0109 3856 usbehci - ok
10:34:40.0500 3856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:34:40.0546 3856 usbhub - ok
10:34:40.0984 3856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:34:41.0000 3856 usbprint - ok
10:34:41.0421 3856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:34:41.0437 3856 USBSTOR - ok
10:34:41.0859 3856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:34:41.0875 3856 usbuhci - ok
10:34:42.0265 3856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:34:42.0281 3856 VgaSave - ok
10:34:42.0671 3856 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
10:34:42.0671 3856 viaagp - ok
10:34:43.0046 3856 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
10:34:43.0046 3856 ViaIde - ok
10:34:43.0421 3856 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:34:43.0437 3856 VolSnap - ok
10:34:43.0906 3856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:34:43.0921 3856 Wanarp - ok
10:34:44.0250 3856 WDICA - ok
10:34:44.0562 3856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:34:44.0593 3856 wdmaud - ok
10:34:44.0781 3856 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
10:34:44.0781 3856 \Device\Harddisk0\DR0 - ok
10:34:44.0796 3856 Boot (0x1200) (265f3f703c266f4537670c4d6e5e917d) \Device\Harddisk0\DR0\Partition0
10:34:44.0812 3856 \Device\Harddisk0\DR0\Partition0 - ok
10:34:44.0812 3856 ============================================================
10:34:44.0812 3856 Scan finished
10:34:44.0812 3856 ============================================================
10:34:44.0828 0948 Detected object count: 0
10:34:44.0828 0948 Actual detected object count: 0
10:35:28.0390 3376 Deinitialize success



ComboFix 11-09-30.04 - Main 09/30/2011 11:19:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.724 [GMT -6:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
.
.
.
.
.
c:\documents and settings\Administrator.DESK\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator.DESK\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Main\Application Data\1ADA.A42
c:\documents and settings\Main\GoToAssistDownloadHelper.exe
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\DNgen.exe.8bb9a8a9.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\DS_PASlog.exe.5c97331f.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\InC558.exe.365e6019.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\MSIE.tmp.9e2b295d.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\netguide.exe.62a0f28a.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.87649be9.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.4babd34.ini
c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.da38aab9.ini
c:\documents and settings\Main\WINDOWS
c:\documents and settings\QBbackup\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\QBbackup\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\windows\$NtUninstallKB49036$
c:\windows\$NtUninstallKB49036$\1067403649
c:\windows\$NtUninstallKB49036$\191187734\@
c:\windows\$NtUninstallKB49036$\191187734\bckfg.tmp
c:\windows\$NtUninstallKB49036$\191187734\cfg.ini
c:\windows\$NtUninstallKB49036$\191187734\Desktop.ini
c:\windows\$NtUninstallKB49036$\191187734\keywords
c:\windows\$NtUninstallKB49036$\191187734\kwrd.dll
c:\windows\$NtUninstallKB49036$\191187734\L\asobptkf
c:\windows\$NtUninstallKB49036$\191187734\lsflt7.ver
c:\windows\$NtUninstallKB49036$\191187734\U\00000001.@
c:\windows\$NtUninstallKB49036$\191187734\U\00000002.@
c:\windows\$NtUninstallKB49036$\191187734\U\80000000.@
c:\windows\$NtUninstallKB49036$\191187734\U\80000032.@
.
.
.
.
.
2011-09-29 17:18 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 17:15 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-29 17:15 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2011-09-29 17:07 . 2011-09-29 17:12 -------- d-----w- C:\a1623004607ccd9d0588
2011-09-29 16:34 . 2011-09-29 16:34 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-27 16:21 . 2011-09-29 16:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 15:06 . 2011-09-27 15:06 -------- d-----w- C:\ttt
2011-09-26 19:42 . 2011-09-26 19:42 -------- d-----w- C:\Trend Micro
2011-09-26 19:38 . 2011-09-26 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-26 19:26 . 2011-09-26 19:26 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\PackageAware
2011-09-26 16:53 . 2011-09-26 16:53 -------- d-----w- c:\documents and settings\Main\Application Data\VZqhYCwkUrOtPuS
2011-09-26 16:53 . 2011-09-26 16:53 -------- d-----w- c:\documents and settings\Main\Application Data\l4pmH5sQJdLg
2011-09-26 16:18 . 2011-09-26 16:33 -------- d-----w- c:\documents and settings\QBbackup\Application Data\FileZilla
2011-09-26 16:17 . 2011-09-26 16:17 -------- d-----w- c:\documents and settings\QBbackup\Application Data\tdEL8gTZqY
2011-09-26 16:17 . 2011-09-26 16:17 -------- d-----w- c:\documents and settings\QBbackup\Application Data\FkIVrlONtAuSiFp
2011-09-26 16:17 . 2011-09-26 16:17 -------- d-----w- c:\documents and settings\QBbackup\Application Data\AVG2012
2011-09-26 15:55 . 2011-09-26 15:55 -------- d-----w- c:\documents and settings\Main\Application Data\kvD2onF4pHs
2011-09-26 15:55 . 2011-09-26 15:55 -------- d-----w- c:\documents and settings\Main\Application Data\dEL8gTZqhCkVlNx
2011-09-26 15:41 . 2011-09-26 15:41 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2011-09-26 15:41 . 2011-09-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-26 15:41 . 2011-09-29 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 14:52 . 2011-09-26 14:52 -------- d-----w- c:\documents and settings\Main\Application Data\HL9hTXqjUeIrPyA
2011-09-26 14:52 . 2011-09-26 14:52 -------- d-----w- c:\documents and settings\Main\Application Data\zcS1ibD3pGaHdKf
2011-09-23 21:15 . 2011-09-23 21:15 -------- d-----w- C:\iPNycA1uv2n4m5W
2011-09-23 21:14 . 2011-09-23 21:14 -------- d-----w- C:\igRZ9hYXwUeOtPy
2011-09-23 21:13 . 2011-09-26 15:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-09-23 20:23 . 2011-09-23 20:24 -------- d-----w- c:\documents and settings\Administrator.DESK
2011-09-23 19:08 . 2011-09-23 19:08 -------- d-----w- c:\documents and settings\Main\Application Data\AVG2012
2011-09-23 19:05 . 2011-09-25 23:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-23 19:05 . 2011-09-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-23 19:03 . 2011-09-23 19:03 -------- d-----w- c:\program files\AVG
2011-09-23 19:01 . 2011-09-23 19:01 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-23 19:00 . 2011-09-26 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-23 18:06 . 2011-09-23 18:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-21 00:29 . 2011-09-21 00:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-20 16:40 . 2011-09-20 16:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
.
.
2011-09-09 09:12 . 2004-09-01 23:25 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-29 13:36 . 2011-07-29 13:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 14:23 . 2007-08-17 14:45 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 14:23 . 2007-08-17 14:45 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-17 14:23 . 2007-08-17 14:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-17 14:23 . 2007-08-17 14:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-15 13:29 . 2004-06-09 14:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-06-09 14:58 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
.
.
.

REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 23:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-23 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-9-30 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-17 14:23 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/7/2010 8:09 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/17/2007 8:44 AM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/29/2011 11:18 AM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [9/29/2011 11:18 AM 22216]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S0 udjy;udjy;c:\windows\system32\drivers\oaea.sys --> c:\windows\system32\drivers\oaea.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 CycloneService;CycloneService;c:\cyclone\b1572\bin\CycloneService.exe [11/19/2007 4:55 PM 94208]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/1/2011 6:16 AM 5265248]
.
.
.
2011-09-30 c:\windows\Tasks\OMCPharmacyInc 1288798834.job
- c:\program files\Intuit\QuickBooks Premier - Retail Edition\AutoBackupEXE.exe [2070-11-27 23:09]
.
2011-09-30 c:\windows\Tasks\OMCPharmacyInc 1290318718.job
- c:\program files\Intuit\QuickBooks Premier - Retail Edition\AutoBackupEXE.exe [2070-11-27 23:09]
.
2011-09-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 23:29]
.
.
------- -------
.
uStart Page = hxxp://www.rktrust.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyclonecommerce.com
Trusted Zone: deaecom.gov
Trusted Zone: dell.com
Trusted Zone: mckesson.com
TCP: Interfaces\{4DB0FCD1-AE57-4A69-93AA-DB97B1D84894}: NameServer = 68.12.16.30,68.1.200.30
DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} - hxxp://24.249.159.30:8013/ocxfile/DownLoad.ocx
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://24.249.156.60//WebDvr3.cab
.
- - - - - - - -
.
SafeBoot-19794634.sys
SafeBoot-51788285.sys
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.

.

.

.
.
: 0
.
**************************************************************************
.
--------------------- ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
.
**************************************************************************
.
: 2011-09-30 11:56:29 -
ComboFix-quarantined-files.txt 2011-09-30 17:56
.
Pre-Run: 39,095,656,448 bytes free
Post-Run: 40,014,491,648 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E8A6015EEF0F9DC36E8FF1A56B8E66B6

#4 CatByte (Malware Response Team, Canada)

Posted 30 September 2011 - 07:09 PM

Hi

If this is a business machine belonging to the company OMC Pharmacy Inc., and there is any chance that this machine contains proprietary information or customer files, then I strongly suggest you reformat, as the information may have been compromised from a back door trojan. As a precaution, change all your on-line passwords from a clean machine.


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic420944.html/page__pid__2425442#entry2425442

Collect::
c:\windows\system32\drivers\oaea.sys

Folder::
c:\documents and settings\Main\Application Data\VZqhYCwkUrOtPuS
c:\documents and settings\Main\Application Data\l4pmH5sQJdLg
c:\documents and settings\QBbackup\Application Data\tdEL8gTZqY
c:\documents and settings\QBbackup\Application Data\FkIVrlONtAuSiFp
c:\documents and settings\Main\Application Data\kvD2onF4pHs
c:\documents and settings\Main\Application Data\dEL8gTZqhCkVlNx
c:\documents and settings\Main\Application Data\HL9hTXqjUeIrPyA
c:\documents and settings\Main\Application Data\zcS1ibD3pGaHdKf
C:\iPNycA1uv2n4m5W
C:\igRZ9hYXwUeOtPy

Driver::
udjy


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 roycer (Topic Starter)

Posted 03 October 2011 - 10:40 AM

Yes, passwords were the first thing we did (from a clean machine)! Luckily, no proprietary info on this box. Thank you for that concern!!!



ComboFix 11-09-30.05 - Main 09/30/2011 18:32:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -6:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\Archive\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Main\Application Data\dEL8gTZqhCkVlNx
c:\documents and settings\Main\Application Data\HL9hTXqjUeIrPyA
c:\documents and settings\Main\Application Data\kvD2onF4pHs
c:\documents and settings\Main\Application Data\l4pmH5sQJdLg
c:\documents and settings\Main\Application Data\VZqhYCwkUrOtPuS
c:\documents and settings\Main\Application Data\zcS1ibD3pGaHdKf
c:\documents and settings\QBbackup\Application Data\FkIVrlONtAuSiFp
c:\documents and settings\QBbackup\Application Data\tdEL8gTZqY
C:\igRZ9hYXwUeOtPy
C:\iPNycA1uv2n4m5W
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_udjy
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-09-29 17:18 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 17:15 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-29 17:15 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2011-09-29 17:07 . 2011-09-29 17:12 -------- d-----w- C:\a1623004607ccd9d0588
2011-09-29 16:34 . 2011-09-29 16:34 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-27 16:21 . 2011-09-29 16:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 15:06 . 2011-09-27 15:06 -------- d-----w- C:\ttt
2011-09-26 19:42 . 2011-09-26 19:42 -------- d-----w- C:\Trend Micro
2011-09-26 19:38 . 2011-09-26 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-26 19:26 . 2011-09-26 19:26 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\PackageAware
2011-09-26 16:18 . 2011-09-26 16:33 -------- d-----w- c:\documents and settings\QBbackup\Application Data\FileZilla
2011-09-26 16:17 . 2011-09-26 16:17 -------- d-----w- c:\documents and settings\QBbackup\Application Data\AVG2012
2011-09-26 15:41 . 2011-09-26 15:41 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2011-09-26 15:41 . 2011-09-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-26 15:41 . 2011-09-29 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 21:13 . 2011-09-26 15:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-09-23 20:23 . 2011-09-23 20:24 -------- d-----w- c:\documents and settings\Administrator.DESK
2011-09-23 19:08 . 2011-09-23 19:08 -------- d-----w- c:\documents and settings\Main\Application Data\AVG2012
2011-09-23 19:05 . 2011-09-25 23:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-23 19:05 . 2011-09-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-23 19:03 . 2011-09-23 19:03 -------- d-----w- c:\program files\AVG
2011-09-23 19:01 . 2011-09-23 19:01 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-23 19:00 . 2011-09-26 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-23 18:06 . 2011-09-23 18:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-21 00:29 . 2011-09-21 00:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-20 16:40 . 2011-09-20 16:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-09-01 23:25 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-29 13:36 . 2011-07-29 13:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 14:23 . 2007-08-17 14:45 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 14:23 . 2007-08-17 14:45 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-17 14:23 . 2007-08-17 14:44 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-17 14:23 . 2007-08-17 14:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-15 13:29 . 2004-06-09 14:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-06-09 14:58 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 23:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-23 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-9-30 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-17 14:23 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/7/2010 8:09 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/17/2007 8:44 AM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/29/2011 11:18 AM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [9/29/2011 11:18 AM 22216]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 CycloneService;CycloneService;c:\cyclone\b1572\bin\CycloneService.exe [11/19/2007 4:55 PM 94208]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/1/2011 6:16 AM 5265248]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-30 c:\windows\Tasks\OMCPharmacyInc 1288798834.job
- c:\program files\Intuit\QuickBooks Premier - Retail Edition\AutoBackupEXE.exe [2070-11-27 23:09]
.
2011-09-30 c:\windows\Tasks\OMCPharmacyInc 1290318718.job
- c:\program files\Intuit\QuickBooks Premier - Retail Edition\AutoBackupEXE.exe [2070-11-27 23:09]
.
2011-10-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 23:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rktrust.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyclonecommerce.com
Trusted Zone: deaecom.gov
Trusted Zone: dell.com
Trusted Zone: mckesson.com
TCP: Interfaces\{4DB0FCD1-AE57-4A69-93AA-DB97B1D84894}: NameServer = 68.12.16.30,68.1.200.30
DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} - hxxp://24.249.159.30:8013/ocxfile/DownLoad.ocx
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://24.249.156.60//WebDvr3.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\logonui.exe
.
**************************************************************************
.
Completion time: 2011-09-30 19:19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-01 01:19
ComboFix2.txt 2011-09-30 17:56
.
Pre-Run: 40,010,752,000 bytes free
Post-Run: 39,928,102,912 bytes free
.
- - End Of File - - DB3312E3D30509C49E3085E2E7312729

#6 CatByte (Malware Response Team, Canada)

Posted 03 October 2011 - 02:41 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT


Please advise how the computer is running now and if there are any outstanding issues



#7 roycer (Topic Starter)

Posted 03 October 2011 - 03:37 PM

ESET resized its own window, and I couldn't see the start button. We ok without it??



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7858

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/3/2011 1:56:46 PM
mbam-log-2011-10-03 (13-56-46).txt

Scan type: Quick scan
Objects scanned: 224130
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 CatByte (Malware Response Team, Canada)

Posted 03 October 2011 - 06:46 PM

ESET often finds infected files, so I'd really like to see if you can get it to run, if you can resize your browser window or something perhaps



#9 roycer (Topic Starter)

Posted 03 October 2011 - 06:55 PM

I'll try again ... before when I resized the window, none of the other content became visible. Back in a few ...

#10 CatByte (Malware Response Team, Canada)

Posted 03 October 2011 - 07:05 PM

Ok, that's odd, hopefully it was just a one time glitch



#11 roycer (Topic Starter)

Posted 03 October 2011 - 09:04 PM

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\45\17a589ad-2781a5f3 Java/Agent.DP trojan
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\58\12e7273a-55ed4854 Java/Agent.DP trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\13\db3550d-25340862 Java/Agent.DO trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\3ceb501f-518f6147 Java/Agent.DO trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\12d13a6d-6a91df04 Java/Agent.DO trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\62385c74-1a6b506c Java/Agent.DO trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0089194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0090194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0091194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0092194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0093194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0094194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0095194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0096194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0097194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0098194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0099194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0100194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0101194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0102194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2641\A0103194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2642\A0104194.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0104305.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0105305.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0106305.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0106315.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0107315.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0108315.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0109315.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0110315.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0110345.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0111347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0112347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0113347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2645\A0114347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0115347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0116347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0117347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0118347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0119347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0120347.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0120367.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0121390.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0121413.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0121444.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0122444.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0123444.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0124444.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0125444.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0125476.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0125513.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0126513.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0127525.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0128910.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0129909.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0130914.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0131929.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2646\A0132939.sys Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\29.09.2011_10.26.25\susp0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan

#12 CatByte (Malware Response Team, Canada)

Posted 03 October 2011 - 09:14 PM

Hi

Most of those files are in old system restore points or quarantine; the Java ones we can take care of now.

please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and save it to your desktop.
  • Scroll down to where it says JDK 7 (JDK or JRE)
  • Click the Download JDK button underneath
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Oracle Binary Code License Agreement for Java SE ". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

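As an added example (not part of this thread, and not code from ESET, ComboFix or any other tool mentioned here), a small Python triage script that sorts ESET export lines the way the reply above does: hits under old System Restore points or in a quarantine folder are dormant copies, while hits in the Java deployment cache sit on the live system and need cleaning. The sample log inside it is constructed in the thread's own export layout, with one made-up live-system line added for illustration.

```python
"""Triage an ESET online-scanner export: which hits are live, which are inert?"""
import re
import sys
from collections import defaultdict

# Constructed sample in the layout of the export quoted in the thread.
# The final line (example_dropper.tmp) is invented to show the "live" bucket.
SAMPLE_LOG = """\
C:\\Documents and Settings\\LocalService\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\45\\17a589ad-2781a5f3 Java/Agent.DP trojan
C:\\Documents and Settings\\NetworkService\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\13\\db3550d-25340862 Java/Agent.DO trojan
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP2641\\A0089194.sys Win32/Sirefef.DA trojan
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP2641\\A0090194.sys Win32/Sirefef.DA trojan
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP2645\\A0104305.sys Win32/Sirefef.DA trojan
C:\\TDSSKiller_Quarantine\\29.09.2011_10.26.25\\susp0000\\svc0000\\tsk0000.dta Win32/Sirefef.DA trojan
C:\\WINDOWS\\Temp\\example_dropper.tmp a variant of Win32/Kryptik.XYZ trojan
"""

# Location patterns (case-insensitive; Windows paths are case-insensitive).
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[^}]*\}\\(rp\d+)\\", re.I)
JAVA_CACHE_RE = re.compile(r"\\sun\\java\\deployment\\cache\\", re.I)
QUARANTINE_RE = re.compile(r"quarantine", re.I)


def parse_line(line):
    """Split one export line into (path, threat), or None for blank lines.

    ESET's own export is tab separated.  The forum copy collapsed the tab to a
    space, so as a fallback the detection name is located as the last
    whitespace token containing '/' (e.g. Win32/Sirefef.DA), optionally
    preceded by the words 'a variant of'.
    """
    line = line.strip()
    if not line:
        return None
    if "\t" in line:
        path, threat = line.split("\t", 1)
        return path.strip(), threat.strip()
    tokens = line.split()
    idx = None
    for i, tok in enumerate(tokens):
        if "/" in tok:
            idx = i
    if idx is None:
        return None
    if idx >= 3 and tokens[idx - 3:idx] == ["a", "variant", "of"]:
        idx -= 3
    return " ".join(tokens[:idx]), " ".join(tokens[idx:])


def classify(path):
    """Map a hit location to a triage bucket."""
    if RESTORE_RE.search(path):
        return "restore_point"   # old System Restore copy, not running
    if JAVA_CACHE_RE.search(path):
        return "java_cache"      # live exploit artefact, clear the cache
    if QUARANTINE_RE.search(path):
        return "quarantine"      # already neutralised by another tool
    return "live"                # anything else needs a closer look


def triage(log_text):
    """Group (path, threat) pairs by bucket."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            buckets[classify(parsed[0])].append(parsed)
    return dict(buckets)


def summary(log_text):
    """Bucket name -> number of hits."""
    return {bucket: len(hits) for bucket, hits in triage(log_text).items()}


def restore_points(log_text):
    """Sorted names of the restore points that hold detections."""
    rps = {m.group(1).upper() for m in map(RESTORE_RE.search, log_text.splitlines()) if m}
    return sorted(rps)


if __name__ == "__main__":
    # Pass a saved ESETSCAN.txt as the first argument, or run on the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for bucket, hits in triage(text).items():
        print(f"{bucket}: {len(hits)}")
        for path, threat in hits:
            print(f"  {threat}  {path}")
    print("restore points involved:", ", ".join(restore_points(text)))
```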


#13 roycer (Topic Starter)

Posted 03 October 2011 - 09:32 PM

As I mentioned earlier, I can't update java. It has to do with the way we report to the state (it is their decree, which I never understood). I'm going to investigate tomorrow exactly what the situation is ... I'll update adobe, figure out what the state's problem is, and get back to you. Thanks so much for your help.

#14 CatByte (Malware Response Team, Canada)

Posted 03 October 2011 - 09:35 PM

ah yes, you did say that

OK, well older versions of Java are exploitable as you can see

at least clear the Java cache to remove those items found by ESET

Click Start > Control Panel.
Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

There are three options on this window to clear the cache.

  • Delete Files
  • View Applications
  • View Applets


Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on Temporary Files Settings window.



#15 roycer (Topic Starter)

Posted 03 October 2011 - 10:55 PM

There was a 'resource' in the Java cache from abizhane.com, which seems to be the culprit website. I checked the browser history when this happened, and it was the only site I didn't recognize. Since I was already infected, I tried to bring up the site, but got a 404 error. I deleted that resource.

No one, it seems, admits to going to the website (there is very little surfing on this box anyway). I assume it was a redirect from somewhere else?

I'll still see what I can do tomorrow about the update.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Main at 21:51:46 on 2011-10-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.505 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rktrust.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cyclonecommerce.com
Trusted Zone: deaecom.gov
Trusted Zone: dell.com
Trusted Zone: mckesson.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} - hxxp://24.249.159.30:8013/ocxfile/DownLoad.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://24.249.156.60//WebDvr3.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rx.webex.com/client/T26L/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{4DB0FCD1-AE57-4A69-93AA-DB97B1D84894} : NameServer = 68.12.16.30,68.1.200.30
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
.
============= SERVICES / DRIVERS ===============
.
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-8-17 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-29 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-29 22216]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 CycloneService;CycloneService;c:\cyclone\b1572\bin\CycloneService.exe [2007-11-19 94208]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-10-03 20:30:14 -------- d-----w- c:\program files\ESET
2011-09-30 16:53:11 -------- d-sha-r- C:\cmdcons
2011-09-30 16:47:53 208896 ----a-w- c:\windows\MBR.exe
2011-09-30 16:47:52 518144 ----a-w- c:\windows\SWREG.exe
2011-09-30 16:47:52 256000 ----a-w- c:\windows\PEV.exe
2011-09-30 16:47:51 98816 ----a-w- c:\windows\sed.exe
2011-09-29 17:18:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 17:15:38 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-29 17:15:38 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2011-09-29 17:07:48 -------- d-----w- C:\a1623004607ccd9d0588
2011-09-29 16:34:39 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-27 16:21:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 15:06:03 -------- d-----w- C:\ttt
2011-09-26 19:42:50 -------- d-----w- C:\Trend Micro
2011-09-26 19:38:43 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-26 19:26:42 -------- d-----w- c:\documents and settings\main\local settings\application data\PackageAware
2011-09-26 15:41:20 -------- d-----w- c:\documents and settings\main\application data\Malwarebytes
2011-09-26 15:41:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-26 15:41:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 19:08:14 -------- d-----w- c:\documents and settings\main\application data\AVG2012
2011-09-23 19:05:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-23 19:05:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-23 19:03:59 -------- d-----w- c:\program files\AVG
2011-09-23 19:01:11 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-23 19:00:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-23 18:06:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-23 18:06:00 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-10-04 03:20:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-17 14:23:59 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-17 14:23:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-17 14:23:59 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-17 14:23:59 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 21:53:09.46 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/19/2004 11:44:10 AM
System Uptime: 10/3/2011 8:39:28 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 37.011 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2565: 7/6/2011 8:48:50 AM - System Checkpoint
RP2566: 7/7/2011 10:26:14 AM - System Checkpoint
RP2567: 7/8/2011 2:27:40 PM - System Checkpoint
RP2568: 7/9/2011 3:21:35 PM - System Checkpoint
RP2569: 7/10/2011 4:21:33 PM - System Checkpoint
RP2570: 7/11/2011 4:35:35 PM - System Checkpoint
RP2571: 7/12/2011 5:47:54 PM - System Checkpoint
RP2572: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP2573: 7/14/2011 3:28:59 AM - System Checkpoint
RP2574: 7/15/2011 4:28:59 AM - System Checkpoint
RP2575: 7/16/2011 5:28:59 AM - System Checkpoint
RP2576: 7/17/2011 6:28:59 AM - System Checkpoint
RP2577: 7/18/2011 7:28:59 AM - System Checkpoint
RP2578: 7/19/2011 10:41:17 AM - System Checkpoint
RP2579: 7/20/2011 11:40:59 AM - System Checkpoint
RP2580: 7/21/2011 5:36:52 PM - System Checkpoint
RP2581: 7/22/2011 6:00:48 PM - System Checkpoint
RP2582: 7/23/2011 6:28:59 PM - System Checkpoint
RP2583: 7/24/2011 7:29:00 PM - System Checkpoint
RP2584: 7/25/2011 8:26:45 PM - System Checkpoint
RP2585: 7/26/2011 8:28:59 PM - System Checkpoint
RP2586: 7/27/2011 9:29:01 PM - System Checkpoint
RP2587: 7/28/2011 10:28:59 PM - System Checkpoint
RP2588: 7/29/2011 7:36:26 AM - Printer Driver LogMeIn Printer Driver Installed
RP2589: 7/30/2011 7:38:30 AM - System Checkpoint
RP2590: 7/31/2011 9:35:27 AM - System Checkpoint
RP2591: 8/1/2011 11:20:14 AM - System Checkpoint
RP2592: 8/2/2011 11:38:30 AM - System Checkpoint
RP2593: 8/3/2011 12:39:35 PM - System Checkpoint
RP2594: 8/4/2011 1:50:33 PM - System Checkpoint
RP2595: 8/5/2011 1:57:24 PM - System Checkpoint
RP2596: 8/6/2011 2:38:30 PM - System Checkpoint
RP2597: 8/7/2011 3:38:30 PM - System Checkpoint
RP2598: 8/8/2011 5:49:13 PM - System Checkpoint
RP2599: 8/9/2011 6:38:30 PM - System Checkpoint
RP2600: 8/10/2011 8:18:42 AM - Software Distribution Service 3.0
RP2601: 8/11/2011 1:35:48 PM - System Checkpoint
RP2602: 8/12/2011 3:07:15 PM - System Checkpoint
RP2603: 8/13/2011 3:12:52 PM - System Checkpoint
RP2604: 8/14/2011 4:12:53 PM - System Checkpoint
RP2605: 8/15/2011 5:06:19 PM - System Checkpoint
RP2606: 8/16/2011 5:56:24 PM - System Checkpoint
RP2607: 8/17/2011 6:01:02 PM - System Checkpoint
RP2608: 8/18/2011 6:15:50 PM - System Checkpoint
RP2609: 8/19/2011 6:49:58 PM - System Checkpoint
RP2610: 8/20/2011 7:49:59 PM - System Checkpoint
RP2611: 8/21/2011 8:49:59 PM - System Checkpoint
RP2612: 8/22/2011 9:49:59 PM - System Checkpoint
RP2613: 8/23/2011 10:49:59 PM - System Checkpoint
RP2614: 8/24/2011 11:49:59 PM - System Checkpoint
RP2615: 8/25/2011 3:00:17 AM - Software Distribution Service 3.0
RP2616: 8/26/2011 3:50:00 AM - System Checkpoint
RP2617: 8/27/2011 4:50:00 AM - System Checkpoint
RP2618: 8/28/2011 5:49:59 AM - System Checkpoint
RP2619: 8/29/2011 6:49:59 AM - System Checkpoint
RP2620: 8/30/2011 7:49:59 AM - System Checkpoint
RP2621: 8/31/2011 9:50:23 AM - System Checkpoint
RP2622: 9/1/2011 3:18:02 PM - System Checkpoint
RP2623: 9/2/2011 4:30:40 PM - System Checkpoint
RP2624: 9/3/2011 4:50:00 PM - System Checkpoint
RP2625: 9/4/2011 5:49:59 PM - System Checkpoint
RP2626: 9/5/2011 6:49:58 PM - System Checkpoint
RP2627: 9/6/2011 7:49:59 PM - System Checkpoint
RP2628: 9/7/2011 8:49:59 PM - System Checkpoint
RP2629: 9/8/2011 3:00:16 AM - Software Distribution Service 3.0
RP2630: 9/9/2011 3:21:42 AM - System Checkpoint
RP2631: 9/10/2011 4:21:42 AM - System Checkpoint
RP2632: 9/11/2011 5:21:41 AM - System Checkpoint
RP2633: 9/12/2011 6:21:42 AM - System Checkpoint
RP2634: 9/13/2011 7:21:41 AM - System Checkpoint
RP2635: 9/14/2011 8:35:01 AM - System Checkpoint
RP2636: 9/15/2011 9:40:05 AM - System Checkpoint
RP2637: 9/16/2011 3:00:16 AM - Software Distribution Service 3.0
RP2638: 9/17/2011 3:59:44 AM - System Checkpoint
RP2639: 9/18/2011 4:59:44 AM - System Checkpoint
RP2640: 9/19/2011 5:59:44 AM - System Checkpoint
RP2641: 9/20/2011 6:59:44 AM - System Checkpoint
RP2642: 9/22/2011 11:31:15 AM - System Checkpoint
RP2643: 9/23/2011 11:55:11 AM - Removed HiJackThis
RP2644: 9/23/2011 11:55:44 AM - Installed HiJackThis
RP2645: 9/23/2011 12:05:02 PM - Restore Operation
RP2646: 9/26/2011 8:05:02 AM - System Checkpoint
RP2647: 9/29/2011 10:48:30 AM - Removed HiJackThis
RP2648: 9/29/2011 11:07:43 AM - Software Distribution Service 3.0
RP2649: 9/30/2011 12:42:13 PM - System Checkpoint
RP2650: 10/1/2011 12:50:08 PM - System Checkpoint
RP2651: 10/2/2011 1:50:09 PM - System Checkpoint
RP2652: 10/3/2011 2:04:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Ask Toolbar
Avery Wizard 3.1
AVG 2012
Banctec Service Agreement
Broadcom Management Programs
Canon MF Drivers
Canon MF4360-4390
Dell Digital Jukebox Driver
Dell Networking Guide
Dell Photo Printer 720
Dell Solution Center
DellSupport
ESET Online Scanner v3
FileZilla Client 3.1.2
Help and Support Customization
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java™ 6 Update 23
Lexmark Printer Software Uninstall
LogMeIn
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Basic Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Modem Event Monitor
Modem Helper
Modem On Hold
QuickBooks Premier: Retail Edition 2004
RemotePlayback
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebCam
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 9:21:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/29/2011 11:15:57 AM, error: Serial [18] - No Parameters subkey was found for user defined data. This is odd, and it also means no user configuration can be found.
9/29/2011 11:09:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - September 2011 (KB890830).
9/29/2011 10:37:59 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
9/29/2011 10:37:59 AM, error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: The pipe state is invalid.
9/29/2011 10:37:58 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe has been ended.
9/28/2011 2:22:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
9/28/2011 11:09:28 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/28/2011 1:51:33 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/27/2011 9:45:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/27/2011 9:40:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix Fips intelppm
9/27/2011 11:54:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix Fips intelppm SASDIFSV SASKUTIL
9/27/2011 10:19:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
9/27/2011 10:19:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
9/27/2011 1:26:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
9/26/2011 9:56:29 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
9/26/2011 9:56:11 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 9:56:11 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 9:56:11 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe state is invalid.
9/26/2011 9:56:11 AM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The pipe state is invalid.
9/26/2011 9:56:11 AM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The pipe state is invalid.
9/26/2011 9:56:11 AM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The pipe state is invalid.
9/26/2011 8:51:58 AM, error: Service Control Manager [7022] - The Workstation service hung on starting.
9/26/2011 8:51:58 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/26/2011 8:51:58 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 7:28:29 AM, error: Service Control Manager [7022] - The Server service hung on starting.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HidServ service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/26/2011 7:28:29 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:29 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 7:28:26 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
9/26/2011 12:25:55 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 12:25:42 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2011 12:22:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/26/2011 11:34:03 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
9/26/2011 11:11:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
9/26/2011 11:11:10 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2011 11:10:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 10:54:30 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 10:54:30 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/26/2011 10:54:30 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/26/2011 10:54:30 AM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The System Event Notification service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Fast User Switching Compatibility service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
9/26/2011 10:54:30 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The pipe state is invalid.
9/26/2011 10:53:27 AM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/26/2011 10:53:27 AM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/26/2011 1:51:59 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:51:43 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 1:51:43 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/26/2011 1:51:43 PM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
9/26/2011 1:43:07 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
9/26/2011 1:39:44 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/26/2011 1:23:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH Avgldx86 Avgmfx86 Avgrkx86 Avgtdix
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: The system cannot find the file specified.
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2011 1:23:10 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2011 1:23:10 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: The system cannot find the file specified.
9/26/2011 1:14:04 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
9/26/2011 1:13:56 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================