
slow internet connection after rootkit.zeroaccess removal


21 replies to this topic

#1 sgivens

sgivens

  • Members
  • 16 posts

Posted 16 December 2011 - 05:11 PM

Here's the history (this has been over the past couple days, so unfortunately the exact details are foggy):

I'm comfortable working on computers, a big part of my job is supporting software and users. A friend of mine brought me his old Gateway desktop so I could get rid of the "virus" that was on it. Upon booting, I found malware ("XP Security Center" if I remember right, I unfortunately didn't write down the name). I ended up using ComboFix while researching how to remove the malware. ComboFix discovered and removed rootkit.zeroaccess.

Out-of-date scans (MBAM, SAS, MSE) say the system is clean, but the network connection is extremely slow (more on that later). In struggling to get the network connection revived, I've run an XP Repair install and uninstalled/reinstalled the network driver. Web browsing is incredibly slow (both with IE7 and Firefox), especially any site that is laden with graphics or ads (google.com loads reasonably, but the image on bing.com takes quite a bit of time; microsoft.com, msn.com, etc. take forever, if they even load).

This is an old system (2002), and I've still not found the exact drivers (they're not on Gateway's website that I can find). So the ones that I do find I'm not 100% sure they are correct. Because of this, I'm hesitant to reinstall XP (chipset drivers, graphics driver, network driver, sound driver, etc). I haven't checked with the owner if he has the original support CD, but knowing the situation, I'd be surprised if he did.

I am unable to update MBAM, SuperAntiSpyware or MSE online, so I can't do subsequent scans to make me believe it's clean. MSE was current just prior to the infection, and it passes the scan (but I believe it was running when the system was originally infected, so not sure if I trust it). I had trouble getting MBAM to see the manually installed definition, so I don't trust its scan. I was able to update SAS manually, but I'd still rather trust a scan based on an online update.

All this behavior makes me think something is still lurking?? I can get into more details if need be, but here's the basics:

Make and model of computer: Gateway MFAT XNIN NMZ 300S

How the computer is connected (wireless or wired): Wired

Make and model of Router: Linksys WRT160NL (two other computers are successfully connected, Win7 wired and WinXP wireless)

What type of internet you have: Cable

MiniToolBox results:
MiniToolBox by Farbar
Ran by Owner (administrator) on 16-12-2011 at 14:21:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : joel032276
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tc.ph.cox.net

Ethernet adapter Local Area Connection 6:

Connection-specific DNS Suffix . : tc.ph.cox.net
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-BF-A7-4E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.12
                                    68.105.29.12
                                    68.105.28.11
Lease Obtained. . . . . . . . . . : Friday, December 16, 2011 1:48:25 PM
Lease Expires . . . . . . . . . . : Saturday, December 17, 2011 1:48:25 PM

Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 74.125.227.52, 74.125.227.48, 74.125.227.49, 74.125.227.50
74.125.227.51

Pinging google.com [74.125.227.51] with 32 bytes of data:

Reply from 74.125.227.51: bytes=32 time=46ms TTL=57
Reply from 74.125.227.51: bytes=32 time=45ms TTL=57

Ping statistics for 74.125.227.51:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 46ms, Average = 45ms

Server: cdns2.cox.net
Address: 68.105.28.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=40ms TTL=57
Reply from 72.30.2.43: bytes=32 time=38ms TTL=57

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 40ms, Average = 39ms

Server: cdns2.cox.net
Address: 68.105.28.12

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 bf a7 4e ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 20
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 20
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 20
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2011 01:28:55 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/16/2011 01:16:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x8024400aupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/16/2011 01:13:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/16/2011 11:34:09 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 10:58:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 09:06:45 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 07:57:35 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 07:21:22 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 07:17:49 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.

Error: (12/15/2011 07:14:29 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.


System errors:
=============
Error: (12/16/2011 01:28:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/16/2011 01:28:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/16/2011 01:28:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/16/2011 01:28:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/16/2011 01:28:54 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/16/2011 01:15:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %JOEL03227660 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %JOEL03227651

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %JOEL032276602

Update Type: %JOEL032276604

User: JOEL032276\Owner

Current Engine Version: %JOEL032276605

Previous Engine Version: %JOEL032276606

Error code: %JOEL032276607

Error description: %JOEL032276608

Error: (12/16/2011 01:15:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %JOEL03227660 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %JOEL03227651

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %JOEL032276602

Update Type: %JOEL032276604

User: JOEL032276\Owner

Current Engine Version: %JOEL032276605

Previous Engine Version: %JOEL032276606

Error code: %JOEL032276607

Error description: %JOEL032276608

Error: (12/16/2011 01:15:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %JOEL03227660 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %JOEL03227651

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %JOEL032276602

Update Type: %JOEL032276604

User: JOEL032276\Owner

Current Engine Version: %JOEL032276605

Previous Engine Version: %JOEL032276606

Error code: %JOEL032276607

Error description: %JOEL032276608

Error: (12/16/2011 01:15:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %JOEL03227660 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %JOEL03227651

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %JOEL032276602

Update Type: %JOEL032276604

User: JOEL032276\Owner

Current Engine Version: %JOEL032276605

Previous Engine Version: %JOEL032276606

Error code: %JOEL032276607

Error description: %JOEL032276608

Error: (12/16/2011 01:13:36 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (12/16/2011 01:28:55 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/16/2011 01:16:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x8024400aupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/16/2011 01:13:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/16/2011 11:34:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 10:58:14 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 09:06:45 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 07:57:35 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 07:21:22 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 07:17:49 PM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.(NULL)(NULL)(NULL)

Error: (12/15/2011 07:14:29 PM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: Intel® Network Connections -- The installed version of Intel PROSet is not supported for upgrades. You must uninstall it before installing this version.(NULL)(NULL)(NULL)


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1021.8 MB
Available physical RAM: 513.64 MB
Total Pagefile: 2464.6 MB
Available Pagefile: 1987.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.71 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:38.28 GB) (Free:14.21 GB) NTFS
4 Drive e: () (Removable) (Total:0.99 GB) (Free:0.87 GB) FAT

========================= Users: ========================================

User accounts for \\JOEL032276

Administrator Guest HelpAssistant
kael Owner SUPPORT_388945a0


**** End of log ****

Edited by Budapest, 16 December 2011 - 05:23 PM.
Moved from Networking ~Budapest
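A constructed triage helper for the kind of MiniToolBox report posted above (added here; it is not part of the thread or of MiniToolBox itself): it splits the report into its sections and flags what a responder checks first after a rootkit cleanup: an unexpected IE proxy, hosts-file entries beyond localhost, targets that resolve but answer no pings, resolver timeouts, and the Windows Update error codes carried by the MSE signature-update events. The sample report is constructed, and the error-code descriptions are recalled from Microsoft's Windows Update agent error table rather than taken from the page.

```python
import re

# Windows Update agent error codes that show up as "P1 ..." in the MPSampleSubmission
# events. Descriptions recalled from Microsoft's WUA error table (assumption, not from the log).
WU_ERRORS = {
    "8024402c": "WU_E_PT_WINHTTP_NAME_NOT_RESOLVED (update server name not resolved)",
    "8024400a": "WU_E_PT_SOAPCLIENT_PARSE (update client could not parse server reply)",
}

# MiniToolBox delimits sections with lines like "===== Hosts content: =====".
SECTION_RE = re.compile(r"^=+ ([^=\n]+?): =+[ \t]*$", re.M)
# One ping block: "Pinging host [ip] with N bytes of data:" ... "Packets: Sent = ..., Lost = ..."
PING_RE = re.compile(
    r"Pinging (\S+?)(?: \[[\d.]+\])? with \d+ bytes of data:.*?"
    r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+) \((\d+)% loss\)",
    re.S,
)

def split_sections(text: str) -> dict[str, str]:
    """Map each section header of a MiniToolBox report to the text under it."""
    parts = SECTION_RE.split(text)
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts) - 1, 2)}

def check_proxy(body: str) -> list[str]:
    """A proxy the owner never configured is a classic traffic-redirection sign."""
    return [] if "Proxy is not enabled." in body else ["IE proxy is set: " + " ".join(body.split())]

def check_hosts(body: str) -> list[str]:
    """Flag any hosts-file entry other than the default localhost mappings."""
    findings = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.fullmatch(r"(127\.0\.0\.1|::1)\s+localhost", line):
            continue
        findings.append(f"non-default hosts entry: {line}")
    return findings

def check_ping(body: str) -> list[str]:
    """Report targets that resolved but answered no pings, plus resolver timeouts."""
    findings = []
    for host, sent, received, lost, pct in PING_RE.findall(body):
        if received == "0":
            findings.append(f"{host}: {pct}% packet loss ({lost}/{sent} lost)")
    timeouts = body.count("DNS request timed out.")
    if timeouts:
        findings.append(f"{timeouts} 'DNS request timed out' line(s) from the configured resolver")
    return findings

def check_update_errors(body: str) -> list[str]:
    """Decode the Windows Update error codes carried by the MSE signature-update events."""
    counts: dict[str, int] = {}
    for code in re.findall(r"(?:P1 |0x)(8024[0-9a-f]{4})", body, re.I):
        counts[code.lower()] = counts.get(code.lower(), 0) + 1
    return [f"{n}x {code}: {WU_ERRORS.get(code, 'unlisted Windows Update error')}"
            for code, n in sorted(counts.items())]

def triage(report: str) -> dict[str, list[str]]:
    """Run every check over a report and keep only the categories with findings."""
    sections = split_sections(report)
    results = {
        "proxy": check_proxy(sections.get("IE Proxy Settings", "")),
        "hosts": check_hosts(sections.get("Hosts content", "")),
        "connectivity": check_ping(sections.get("IP Configuration", "")),
        "updates": check_update_errors(sections.get("Event log errors", "")),
    }
    return {name: hits for name, hits in results.items() if hits}

# Constructed excerpt in the shape of the report above; not the poster's actual log.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Server: resolver.example
Address: 192.0.2.53
DNS request timed out.
timeout was 2 seconds.
Pinging example.net [198.51.100.7] with 32 bytes of data:
Request timed out.
Ping statistics for 198.51.100.7:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
========================= Event log errors: ===============================
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search
"""

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_REPORT).items():
        print(category, "->", "; ".join(hits))
```

Reply/loss pairs that match the pattern in the log above (name resolves, ICMP answered by some hosts but not others, resolver timing out) point at the path between the machine and the Internet rather than at a missing driver, which is why the proxy and hosts checks come first.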



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 December 2011 - 11:03 AM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4MB
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64-bit mode!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 sgivens

sgivens
  • Topic Starter

  • Members
  • 16 posts

Posted 20 December 2011 - 12:55 PM

Thanks for the reply. The security check scan ran fine, and I'm running the SAS scan now; figured I'd wait to post all the results from all scans in one reply. However, I've struggled to get MBAM to update to the latest definition. I've run mbam-rules.exe, uninstalled, run mbam-clean.exe, reinstalled, copied rules.ref from a clean, functioning machine that updated MBAM via the internet, etc., and it still says August 31 for the date for the definitions. I've run full scans with this definition, and it comes up clean, but I'm not sure I trust it. Any ideas on how to get MBAM to reflect the latest definitions?

#4 sgivens

sgivens
  • Topic Starter

  • Members
  • 16 posts

Posted 20 December 2011 - 05:17 PM

SecurityCheck log:

Results of screen317's Security Check version 0.99.29
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


MBAM Log:

See previous reply, can't get it to see latest definitions.


SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2011 at 11:55 AM

Application Version : 5.0.1142

Core Rules Database Version : 8071
Trace Rules Database Version: 5883

Scan type : Complete Scan
Total Scan Time : 01:17:01

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 587
Memory threats detected : 0
Registry items scanned : 37490
Registry threats detected : 0
File items scanned : 58338
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt [ /atdmt ]
C:\Documents and Settings\Owner\Cookies\owner@c1.atdmt[1].txt [ /c1.atdmt ]
C:\Documents and Settings\Owner\Cookies\owner@clickbooth[1].txt [ /clickbooth ]
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt [ /doubleclick ]
C:\Documents and Settings\Owner\Cookies\owner@googleads.g.doubleclick[1].txt [ /googleads.g.doubleclick ]
C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt [ /imrworldwide ]
C:\Documents and Settings\Owner\Cookies\owner@us.sitestat[1].txt [ /us.sitestat.com ]
C:\Documents and Settings\Owner\Cookies\owner@us.sitestat[2].txt [ /us.sitestat.com ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EGIBTYQD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EGIBTYQD.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EGIBTYQD.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EGIBTYQD.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EGIBTYQD.DEFAULT\COOKIES.SQLITE ]


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 15:06:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_2F040L0 rev.VAM51JJ0
Running: odvrlns1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwddrfod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED9F1640]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\mbamswissarmy.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5 cryptodan (Bleepin Madman)
  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 December 2011 - 07:08 PM

What happens if you download the latest updates this way for MBAM: http://data.mbamupdates.com/tools/mbam-rules.exe

#6 sgivens (Topic Starter)
  • Members
  • 16 posts

Posted 20 December 2011 - 10:43 PM

Similar results as trying to update from within MBAM...sits at 0-1% for several minutes, then eventually bombs out (or just sits there). mbam-rules.exe executes without an issue when transferred via thumb drive from a good computer, just that MBAM doesn't seem to honor the new definitions.

#7 cryptodan (Bleepin Madman)
  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 December 2011 - 10:48 PM

Rename the executable to haha.exe or something else.

#8 sgivens (Topic Starter)
  • Members
  • 16 posts

Posted 20 December 2011 - 11:20 PM

It executes ok, whether it's renamed or not. I then launch MBAM, and it says the definition is outdated by 8 days (good sign), but when I go to the update tab, the date given is 8/31/2011, database version is 7622, fingerprints loaded is 349033. My concern is that this definition is quite different from an MBAM install and 'net update on a clean computer.

Could the definitions truly be updated, but the GUI simply isn't reporting them? I can run the scan if you'd like (will take several hours), but I suspect that it will come up clean, but even if it does, can it be trusted?

#9 sgivens (Topic Starter)
  • Members
  • 16 posts

Posted 20 December 2011 - 11:24 PM

FYI...just checked the OS date on rules.def at (abbreviated) C:\Docs and Settings\All Users\App Data\MB\MBAM and it says 12/12/2011, which jives with what MBAM says about the definition when launching (outdated by 8 days). MBAM GUI still claims outdated definition though.

#10 cryptodan (Bleepin Madman)
  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 December 2011 - 11:38 PM

Run the scan anyways and see what it finds.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#11 sgivens (Topic Starter)
  • Members
  • 16 posts

Posted 20 December 2011 - 11:56 PM

Will do. MBAM scan running now, will post when it's finished...MiniToolBox results below:

MiniToolBox:

MiniToolBox by Farbar
Ran by Owner (administrator) on 20-12-2011 at 21:47:22
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : joel032276
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tc.ph.cox.net

Ethernet adapter Local Area Connection 6:

Connection-specific DNS Suffix . : tc.ph.cox.net
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-07-E9-BF-A7-4E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.12
68.105.29.12
68.105.28.11
Lease Obtained. . . . . . . . . . : Tuesday, December 20, 2011 9:46:08 PM
Lease Expires . . . . . . . . . . : Wednesday, December 21, 2011 9:46:08 PM

Server: cdns2.cox.net
Address: 68.105.28.12

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.227.51, 74.125.227.52, 74.125.227.48, 74.125.227.49
74.125.227.50

Pinging google.com [74.125.227.81] with 32 bytes of data:

Reply from 74.125.227.81: bytes=32 time=47ms TTL=57
Reply from 74.125.227.81: bytes=32 time=47ms TTL=57

Ping statistics for 74.125.227.81:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 47ms, Average = 47ms

Server: cdns2.cox.net
Address: 68.105.28.12

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=40ms TTL=57
Reply from 72.30.2.43: bytes=32 time=69ms TTL=57

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 69ms, Average = 54ms

DNS request timed out.
timeout was 2 seconds.
Server: cdns7.cox.net
Address: 68.105.29.12

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 bf a7 4e ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 20
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 20
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 20
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2011 08:40:01 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/19/2011 10:24:56 PM) (Source: Windows Product Activation) (User: )
Description: The Windows license was restored due to a system error. You might need to reactivate your Windows product.

Error: (12/19/2011 10:06:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/19/2011 07:50:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/19/2011 07:12:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/16/2011 01:28:55 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/16/2011 01:16:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x8024400aupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/16/2011 01:13:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/16/2011 11:34:09 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2011 10:58:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (12/20/2011 00:06:20 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 00:06:20 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 00:05:32 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 00:05:21 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 00:05:01 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 00:04:55 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/20/2011 08:40:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/20/2011 08:40:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/20/2011 08:40:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/20/2011 08:40:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.787.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (12/20/2011 08:40:01 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/19/2011 10:24:56 PM) (Source: Windows Product Activation)(User: )
Description:

Error: (12/19/2011 10:06:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/19/2011 07:50:14 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/19/2011 07:12:16 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/16/2011 01:28:55 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/16/2011 01:16:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x8024400aupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/16/2011 01:13:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/16/2011 11:34:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/15/2011 10:58:14 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024400aendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
Anti-phishing Domain Advisor (Version: 1.1.0.1)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.2.120)
ArcSoft Panorama Maker 4
BlackBerry Desktop Software 4.3 (Version: 4.3.0.17)
BlackBerry Device Software Updater (Version: 5.0.0.18)
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.149.000)
c3100_Help (Version: 70.0.149.000)
Canon Camera WIA Driver (Version: 5.1)
Canon EOS Kiss REBEL 300D WIA Driver (Version: 5.1)
Canon PhotoRecord
Canon PowerShot A40 WIA Driver
CCScore (Version: 6.02.1001.0001)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DigiQuote Enterprise Edition (Version: 1.00)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.1001.0001)
ESSgui (Version: 6.02.1001.0001)
ESSini (Version: 6.02.1001.0001)
ESSPCD (Version: 6.02.1001.0001)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.02.1001.0001)
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 70.0.149.000)
File Uploader (Version: 1.1.1)
Gateway Desktop Manager
Gateway Drivers and Applications Recovery
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
hp deskjet 3820 series (Remove only)
HP Imaging Device Functions 7.0 (Version: 7.0)
hp instant support (Version: 4.03.00)
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential (Version: 1.9.1.3)
HP Software Update (Version: 3.0.7.014)
HP Solution Center 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II (Version: 2.20.0062)
Internet Explorer (Enable DEP)
iTunes (Version: 10.3.1.55)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KSU (Version: 632.62.0004.0001)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Moto Helper Service (Version: 5.5)
MotoHelper 2.0.44 Driver 4.9.0 (Version: 2.0.44)
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.2.8200.9)
Motorola Mobile Drivers Installation 4.9.0 (Version: 4.9.0)
Mototools Software Update (Version: 3.4.8)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
netbrdg (Version: 6.02.1001.0001)
NewCopy_CDA (Version: 70.0.149.000)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.3.0)
Notifier (Version: 6.02.0001.0001)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
OfotoXMI (Version: 6.02.0001.0001)
PanoStandAlone (Version: 70.0.170.000)
PCDADDIN (Version: 6.02.0001.0003)
PCDHELP (Version: 6.02.0001.0001)
QuickBooks (Version: 19.0.4010.705)
QuickBooks Pro 2009 (Version: 19.0.4010.705)
QuickTime (Version: 7.69.80.9)
Readme (Version: 70.0.149.000)
Roxio Media Manager (Version: 9.4.007)
Safari (Version: 5.33.21.1)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.02.0001.0001)
SKIN0001 (Version: 6.02.1001.0001)
SKINXSDK (Version: 6.02.1001.0001)
SolutionCenter (Version: 70.0.170.000)
staticcr (Version: 5.03.0000.0001)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.0.1142)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 70.0.170.000)
tooltips (Version: 6.02.0001.0001)
TrayApp (Version: 70.0.170.000)
Unity Web Player (Version: 2.5.1f5_24931)
Unload (Version: 7.0.0)
VPRINTOL (Version: 6.02.0001.0001)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 70.0.170.000)
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0 (Version: 2.0.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Player 11
WIRELESS (Version: 6.02.0001.0001)

========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 1021.8 MB
Available physical RAM: 264.82 MB
Total Pagefile: 2464.6 MB
Available Pagefile: 1943.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.71 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:38.28 GB) (Free:14.13 GB) NTFS
4 Drive e: () (Removable) (Total:0.99 GB) (Free:0.87 GB) FAT

========================= Users: ========================================

User accounts for \\JOEL032276

Administrator Guest HelpAssistant
kael Owner SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini041411-01.dmp
C:\WINDOWS\Minidump\Mini041411-02.dmp
C:\WINDOWS\Minidump\Mini041411-03.dmp
C:\WINDOWS\Minidump\Mini110706-01.dmp

**** End of log ****
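The items cryptodan asked to have ticked (proxy settings, hosts content, IP configuration, recent event log errors) are the places a responder looks after a rootkit cleanup for signs that the network path was tampered with, and the Result.txt above is the raw material. As an added example (not code from this thread or from MiniToolBox), the Python script below parses a trimmed, constructed copy of that report and flags the indicators: a proxy that is switched on, hosts entries beyond the stock loopback line, DNS probes that time out, targets with 100% ping loss, and repeated MSE signature-update error codes. Section names come from the banner lines the tool prints; the function names are my own.

```python
"""Triage a MiniToolBox Result.txt for the network-hijack signs a responder
checks after a rootkit cleanup. Added example, not code from this thread or
from MiniToolBox; section titles follow the tool's banners, names are mine."""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the Result.txt posted above, in the
# same layout (the addresses and error codes are the ones from that post).
SAMPLE = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS request timed out.
timeout was 2 seconds.
Pinging google.com [74.125.227.81] with 32 bytes of data:
Reply from 74.125.227.81: bytes=32 time=47ms TTL=57
Ping statistics for 74.125.227.81:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
========================= Event log errors: ===============================
Error: (12/20/2011 08:40:01 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search
Error: (12/16/2011 01:13:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024400a, P2 endsearch, P3 search
Error: (12/15/2011 10:58:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search
"""

# Banner lines look like "===== Hosts content: =====" (the colon is optional).
BANNER_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
# The stock hosts-file mappings; anything beyond these deserves a look.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def split_sections(text):
    """Map each banner title to the text printed below it."""
    sections, title, buf = {}, None, []
    for line in text.splitlines():
        m = BANNER_RE.match(line.strip())
        if m:
            if title is not None:
                sections[title] = "\n".join(buf)
            title, buf = m.group(1).strip().rstrip(":"), []
        else:
            buf.append(line)
    if title is not None:
        sections[title] = "\n".join(buf)
    return sections

def proxy_enabled(sections):
    """A proxy the owner never set is a classic way to sit in the browser's path."""
    return "Proxy is not enabled." not in sections.get("IE Proxy Settings", "")

def nondefault_hosts_entries(sections):
    """Hosts lines that are neither comments nor the stock loopback mappings;
    redirected update or AV-vendor names show up here."""
    found = []
    for line in sections.get("Hosts content", "").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2 or (parts[0], parts[1].lower()) not in DEFAULT_HOSTS:
            found.append(line)
    return found

def dns_timeouts(sections):
    """How many nslookup probes timed out against the configured resolvers."""
    return sections.get("IP Configuration", "").count("DNS request timed out.")

def ping_losses(sections):
    """{target IP: percent of pings lost} from the 'Ping statistics' blocks."""
    body = sections.get("IP Configuration", "")
    pat = r"Ping statistics for ([\d.]+):\s+Packets: [^\n]*?\((\d+)% loss\)"
    return {ip: int(pct) for ip, pct in re.findall(pat, body)}

def update_error_codes(sections):
    """Count the P1 error codes of the MPSampleSubmission (MSE update) events."""
    body = sections.get("Event log errors", "")
    return Counter(re.findall(r"\bP1 ([0-9a-f]{8})\b", body))

def triage(text):
    """One finding per indicator; an empty list means nothing stood out."""
    s = split_sections(text)
    out = []
    if proxy_enabled(s):
        out.append("IE proxy is enabled: confirm it is one you configured")
    out += [f"non-default hosts entry: {e}" for e in nondefault_hosts_entries(s)]
    if dns_timeouts(s):
        out.append(f"{dns_timeouts(s)} DNS lookup(s) timed out")
    out += [f"no ping replies from {ip}" for ip, p in ping_losses(s).items() if p == 100]
    out += [f"signature update failed {n}x with error {c}"
            for c, n in update_error_codes(s).most_common()]
    return out
```

On the full report posted above the proxy and hosts checks come back clean, while the DNS timeouts, the lost pings to 208.43.87.2 and the recurring 8024402c / 8024400a signature-update errors are reported; 8024402C is the Windows Update client's name-resolution failure, which fits the DNS timeouts seen in the same report. The hosts check only lists entries beyond the loopback line rather than judging them, since a legitimate admin may have added some; the point is that each one gets read.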

#12 cryptodan (Bleepin Madman)
  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 21 December 2011 - 12:15 AM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online.

Please take caution when attaching a text file to your post: if you cannot copy/paste the link to your post, you will need to edit it to make sure that your Windows Key is not present.

Also do the following:
We need to know more about your BSODs...

Download BlueScreenView (in Zip file)

No installation required.

Unzip the downloaded file and double click on the BlueScreenView.exe file to run the program. When scanning is done, go to Edit > Select All.

Then go to File > Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Compliments of Broni

#13 sgivens (Topic Starter)
  • Members
  • 16 posts

Posted 21 December 2011 - 01:17 AM

I paused the MBAM scan, and ran Speccy and BSOD. Results below, MBAM scan resumed. I'm guessing the scan is halfway done, will post its results in the morning. <insert yawning emoticon here>

Speccy:

Summary
Operating System
MS Windows XP Home 32-bit SP3
CPU
Intel Celeron
Northwood 0.13um Technology
RAM
1.00 GB DDR @ 133MHz (2.5-3-3-6)
Motherboard
Intel Corporation D845GRG (J2E1)
Graphics
Plug and Play Monitor (1280x600@60Hz)
Intel® 82845G/GL/GE/PE/GV Graphics Controller
Hard Drives
40GB Maxtor Maxtor 2F040L0 (PATA) 45 °C
Optical Drives
HL-DT-ST CD-RW GCE-8400B
Audio
Unimodem Half-Duplex Audio Device
Operating System
MS Windows XP Home 32-bit SP3
Installation Date: 15 December 2011, 12:03
Serial Number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (edited out by sgivens)
Windows Security Center
Firewall Disabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Antivirus
Antivirus Enabled
Company Name Microsoft
Display Name Microsoft Security Essentials
Product Version 2.1.1116.0
Environment Variables
USERPROFILE C:\Documents and Settings\Owner
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\Owner\Local Settings\Temp
TMP C:\Documents and Settings\Owner\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\WBEM
C:\Program Files\Common Files\Roxio Shared\DLLShared
C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
C:\Program Files\QuickTime\QTSystem
C:\WINDOWS\system32\WindowsPowerShell\v1.0
windir C:\WINDOWS
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 15
PROCESSOR_IDENTIFIER x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_REVISION 0207
NUMBER_OF_PROCESSORS 1
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
FP_NO_HOST_CHECK NO
RoxioCentral C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
asl.log Destination=file
CLASSPATH .;C:\Program Files\QuickTime\QTSystem\QTJava.zip
QTJAVA C:\Program Files\QuickTime\QTSystem\QTJava.zip
Power Profile
Active power scheme Home/Office Desk
Hibernation Disabled
Power Shutdown Enabled
Power Suspend Enabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Hard Disk after: (On AC Power) Never
Suspend after: (On AC Power) Never
Screen saver Disabled
Uptime
Current Session
Current Time 12/20/2011 11:05:53 PM
Current Uptime 52619 sec (0 d, 14 h, 36 m, 59 s)
Last Boot Time 12/20/2011 8:28:54 AM
Process List
alg.exe
Process ID 3216
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\alg.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
applemobiledeviceservice.exe
Process ID 1456
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Memory Usage 36 MB
Peak Memory Usage 36 MB
csrss.exe
Process ID 600
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 7.39 MB
Peak Memory Usage 7.41 MB
ctfmon.exe
Process ID 1080
User Owner
Domain JOEL032276
Path C:\WINDOWS\system32\ctfmon.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
easyshare.exe
Process ID 724
User Owner
Domain JOEL032276
Path C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Memory Usage 97 MB
Peak Memory Usage 97 MB
explorer.exe
Process ID 2036
User Owner
Domain JOEL032276
Path C:\WINDOWS\Explorer.EXE
Memory Usage 58 MB
Peak Memory Usage 66 MB
googletoolbarnotifier.exe
Process ID 1036
User Owner
Domain JOEL032276
Path C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Memory Usage 1.59 MB
Peak Memory Usage 17 MB
hkcmd.exe
Process ID 788
User Owner
Domain JOEL032276
Path C:\WINDOWS\system32\hkcmd.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
hpzipm12.exe
Process ID 1864
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\HPZipm12.exe
Memory Usage 6.13 MB
Peak Memory Usage 6.13 MB
igfxtray.exe
Process ID 684
User Owner
Domain JOEL032276
Path C:\WINDOWS\system32\igfxtray.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
ipodservice.exe
Process ID 2944
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\iPod\bin\iPodService.exe
Memory Usage 9.06 MB
Peak Memory Usage 9.12 MB
ituneshelper.exe
Process ID 852
User Owner
Domain JOEL032276
Path C:\Program Files\iTunes\iTunesHelper.exe
Memory Usage 39 MB
Peak Memory Usage 39 MB
lsass.exe
Process ID 680
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 1.75 MB
Peak Memory Usage 18 MB
mbam.exe
Process ID 2232
User Owner
Domain JOEL032276
Path C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Memory Usage 99 MB
Peak Memory Usage 161 MB
mbamservice.exe
Process ID 1608
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Memory Usage 20 MB
Peak Memory Usage 20 MB
motohelper.exe
Process ID 1816
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
Memory Usage 31 MB
Peak Memory Usage 31 MB
motohelperagent.exe
Process ID 1988
User Owner
Domain JOEL032276
Path C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
motohelperservice.exe
Process ID 1776
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
Memory Usage 23 MB
Peak Memory Usage 23 MB
msmpeng.exe
Process ID 944
User SYSTEM
Domain NT AUTHORITY
Path c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Memory Usage 71 MB
Peak Memory Usage 129 MB
msseces.exe
Process ID 592
User Owner
Domain JOEL032276
Path C:\Program Files\Microsoft Security Client\msseces.exe
Memory Usage 25 MB
Peak Memory Usage 25 MB
nkmonitor.exe
Process ID 576
User Owner
Domain JOEL032276
Path C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
nmssvc.exe
Process ID 1852
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\NMSSvc.exe
Memory Usage 9.28 MB
Peak Memory Usage 9.29 MB
nserviceentry.exe
Process ID 1476
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Motorola Media Link\NServiceEntry.exe
Memory Usage 25 MB
Peak Memory Usage 25 MB
presentationfontcache.exe
Process ID 1504
User LOCAL SERVICE
Domain NT AUTHORITY
Path c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Memory Usage 57 MB
Peak Memory Usage 57 MB
qbcfmonitorservice.exe
Process ID 1904
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
qbupdate.exe
Process ID 1660
User Owner
Domain JOEL032276
Path C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Memory Usage 31 MB
Peak Memory Usage 33 MB
sascore.exe
Process ID 1444
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
Memory Usage 15 MB
Peak Memory Usage 15 MB
services.exe
Process ID 668
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 8.23 MB
Peak Memory Usage 8.26 MB
smss.exe
Process ID 536
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 892 KB
Peak Memory Usage 892 KB
speccy.exe
Process ID 328
User Owner
Domain JOEL032276
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
spoolsv.exe
Process ID 1344
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 20 MB
Peak Memory Usage 21 MB
svchost.exe
Process ID 828
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
svchost.exe
Process ID 1252
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
svchost.exe
Process ID 1192
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 2156
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 19 MB
Peak Memory Usage 19 MB
svchost.exe
Process ID 1060
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 984
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 59 MB
Peak Memory Usage 59 MB
svchost.exe
Process ID 908
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 19 MB
Peak Memory Usage 19 MB
svchost.exe
Process ID 3836
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.25 MB
Peak Memory Usage 3.26 MB
system
Process ID 4
Memory Usage 228 KB
Peak Memory Usage 1.97 MB
system idle process
Process ID 0
visicom_antiphishing.exe
Process ID 836
User Owner
Domain JOEL032276
Path C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
Memory Usage 19 MB
Peak Memory Usage 19 MB
winlogon.exe
Process ID 624
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 33 MB
Peak Memory Usage 67 MB
wmiprvse.exe
Process ID 2312
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 8.21 MB
Peak Memory Usage 9.08 MB
wmiprvse.exe
Process ID 3876
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 4.76 MB
Peak Memory Usage 4.82 MB
wuauclt.exe
Process ID 1952
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 6.52 MB
Peak Memory Usage 6.52 MB
TimeZone
TimeZone GMT -7 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Scheduler
GoogleUpdateTaskMachineUA 12/20/2011 11:17 PM;Every 1 hour(s) from 5:17 AM for 24 hour(s) every day, starting 10/19/2011
GoogleUpdateTaskMachineCore 12/21/2011 5:17 AM;Run at user logon
Google Software Updater 12/21/2011 2:01 PM;At 2:01 PM every day, starting 9/7/2011
MP Scheduled Scan 12/25/2011 1:41 AM;At 1:41 AM every Sun of every week, starting 12/20/2011
AppleSoftwareUpdate 12/26/2011 2:36 PM;At 2:36 PM every Mon of every week, starting 4/2/2011
Hotfixes
System Folders
Path for burning CD C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CD Burning
Application Data C:\Documents and Settings\All Users\Application Data
Public Desktop C:\Documents and Settings\All Users\Desktop
Documents C:\Documents and Settings\All Users\Documents
Global Favorites C:\Documents and Settings\All Users\Favorites
Music C:\Documents and Settings\All Users\Documents\My Music
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Start Menu C:\Documents and Settings\All Users\Start Menu
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Videos C:\Documents and Settings\All Users\Documents\My Videos
Cookies C:\Documents and Settings\Owner\Cookies
Desktop C:\Documents and Settings\Owner\Desktop
Physical Desktop C:\Documents and Settings\Owner\Desktop
User Favorites C:\Documents and Settings\Owner\Favorites
Fonts C:\WINDOWS\Fonts
Internet History C:\Documents and Settings\Owner\Local Settings\History
Temporary Internet Files C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files
Local Application Data C:\Documents and Settings\Owner\Local Settings\Application Data
Windows directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Program Files
Device Tree
ACPI Uniprocessor PC
Microsoft ACPI-Compliant System
Intel® Celeron® CPU 2.00GHz
System board
ACPI Sleep Button
ACPI Fixed Feature Button
PCI bus
Intel® 82845G/GL Processor to I/O Controller 2560
Intel® 82801DB/DBM SMBus Controller - 24C3
Multimedia Audio Controller
Intel® 82845G/GL/GE/PE/GV Graphics Controller
Plug and Play Monitor
Intel® 82801DB/DBM USB Universal Host Controller - 24C2
USB Root Hub
USB Human Interface Device
HID-compliant mouse
Intel® 82801DB/DBM USB Universal Host Controller - 24C4
USB Root Hub
Intel® 82801DB/DBM USB Universal Host Controller - 24C7
USB Root Hub
Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
USB Root Hub
USB Mass Storage Device
Generic USB 2.0 FLASH USB Device
Generic volume
Intel® 82801DB PCI Bridge - 244E
Intel® PRO/100 VE Network Connection
BCM V.90 56K Modem
Unimodem Half-Duplex Audio Device
Intel® 82801DB LPC Interface Controller - 24C0
ISAPNP Read Data Port
Programmable interrupt controller
Direct memory access controller
System timer
System CMOS/real time clock
System speaker
Numeric data processor
Motherboard resources
Intel® 82802 Firmware Hub Device
Communications Port (COM1)
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Motherboard resources
Standard floppy disk controller
Floppy disk drive
ECP Printer Port (LPT1)
Printer Port Logical Interface
Intel® 82801DB Ultra ATA Storage Controller - 24CB
Primary IDE Channel
Maxtor 2F040L0
Secondary IDE Channel
HL-DT-ST CD-RW GCE-8400B
Services
Running Apple Mobile Device
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running DeviceMonitorService
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running HTTP SSL
Running Intel® NMS
Running iPod Service
Running IPSEC Services
Running MBAMService
Running Microsoft Antimalware Service
Running MotoHelper Service
Running Motorola Helper
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Pml Driver HPZ12
Running Print Spooler
Running Protected Storage
Running QBCFMonitorService
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running SAS Core Service
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Presentation Foundation Font Cache 3.0.0.0
Running Windows Time
Running Wireless Zero Configuration
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management Service
Stopped Human Interface Device Access
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped InstallDriver Table Manager
Stopped Intuit QuickBooks FCS
Stopped LiveShare P2P Server 9
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Roxio Hard Drive Watcher 9
Stopped Roxio UPnP Renderer 9
Stopped Roxio Upnp Server 9
Stopped RoxMediaDB9
Stopped Smart Card
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Installer
Stopped Windows Media Player Network Sharing Service
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
CPU
Intel Celeron
Cores 1
Threads 1
Name Intel Celeron
Code Name Northwood
Package Socket 478 mPGA
Technology 0.13um
Specification Intel® Celeron® CPU 2.00GHz
Family F
Extended Family F
Model 2
Extended Model 2
Stepping 7
Revision C1
Instructions MMX, SSE, SSE2
Virtualization Unsupported
Hyperthreading Not supported
Bus Speed 100.0 MHz
Rated Bus Speed 400.1 MHz
Stock Core Speed 2000 MHz
Stock Bus Speed 100 MHz
Caches
L1 Data Cache Size 8 KBytes
L1 trace cache 12 Kµops
L2 Unified Cache Size 128 KBytes
Core 0
Core Speed 2000.0 MHz
Multiplier x 20.0
Bus Speed 100.0 MHz
Rated Bus Speed 400.1 MHz
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR
Size 1024 MBytes
DRAM Frequency 133.4 MHz
CAS# Latency (CL) 2.5 clocks
RAS# to CAS# Delay (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 6 clocks
Physical Memory
Memory Usage 76 %
Total Physical MB
Available Physical 238 MB
Total Virtual 2.41 GB
Available Virtual 1.87 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR
Size 512 MBytes
Manufacturer Patriot Memory
Max Bandwidth PC2100 (133 MHz)
Part Number PSD5122661
SPD Ext. EPP
JEDEC #2
Frequency 133.3 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
JEDEC #1
Frequency 100.0 MHz
CAS# Latency 2.0
RAS# To CAS# 2
RAS# Precharge 2
tRAS 5
Voltage 2.500 V
Slot #2
Type DDR
Size 512 MBytes
Manufacturer Patriot Memory
Max Bandwidth PC2100 (133 MHz)
Part Number PSD5122661
SPD Ext. EPP
JEDEC #2
Frequency 133.3 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
JEDEC #1
Frequency 100.0 MHz
CAS# Latency 2.0
RAS# To CAS# 2
RAS# Precharge 2
tRAS 5
Voltage 2.500 V
Motherboard
Manufacturer Intel Corporation
Model D845GRG (J2E1)
Version 4000792
Chipset Vendor Intel
Chipset Model i845GL
Chipset Revision A1
Southbridge Vendor Intel
Southbridge Model 82801DB (ICH4)
Southbridge Revision 01
BIOS
Brand Intel Corp.
Version RG84510A.15A.0021.P11.0210160839
Date 10/16/2002
PCI Data
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width 32 bit
Slot Designation J7B1
Slot Number 0
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage In Use
Bus Width 32 bit
Slot Designation J8B2
Slot Number 1
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width 32 bit
Slot Designation J9B2
Slot Number 2
Graphics
Monitor
Name Plug and Play Monitor on Intel 82845G/GL/GE/PE/GV Graphics Controller
Current Resolution 1280x600 pixels
Work Resolution 1280x566 pixels
State enabled, primary, output devices support
Monitor Width 1280
Monitor Height 600
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel® 82845G/GL/GE/PE/GV Graphics Controller
Memory 64 MB
Memory type 2
Driver version 6.14.10.4342
OpenGL
Version 1.3.0 - Build 4.14.10.4342
Vendor Intel
Renderer Intel 845G
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 16
GL_MAX_TEXTURE_SIZE 2048
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
GL_ARB_multitexture
GL_ARB_point_parameters
GL_ARB_texture_border_clamp
GL_ARB_texture_compression
GL_ARB_texture_cube_map
GL_ARB_texture_env_add
GL_ARB_texture_env_combine
GL_ARB_texture_env_dot3
GL_ARB_texture_env_crossbar
GL_ARB_transpose_matrix
GL_ARB_vertex_buffer_object
GL_ARB_vertex_program
GL_ARB_window_pos
GL_EXT_abgr
GL_EXT_bgra
GL_EXT_blend_color
GL_EXT_blend_func_separate
GL_EXT_blend_minmax
GL_EXT_blend_subtract
GL_EXT_clip_volume_hint
GL_EXT_compiled_vertex_array
GL_EXT_cull_vertex
GL_EXT_draw_range_elements
GL_EXT_fog_coord
GL_EXT_multi_draw_arrays
GL_EXT_packed_pixels
GL_EXT_rescale_normal
GL_EXT_secondary_color
GL_EXT_separate_specular_color
GL_EXT_stencil_wrap
GL_EXT_texture_compression_s3tc
GL_EXT_texture_env_add
GL_EXT_texture_env_combine
GL_EXT_texture_filter_anisotropic
GL_3DFX_texture_compression_FXT1
GL_IBM_texture_mirrored_repeat
GL_NV_blend_square
GL_NV_texgen_reflection
GL_SGIS_generate_mipmap
GL_WIN_swap_hint
GLU Extensions
GL_EXT_bgra
Hard Drives
Maxtor 2F040L0
Manufacturer Maxtor
Heads 16
Cylinders 16383
Device type Fixed
ATA Standard ATA/ATAPI-7
LBA Size 28bit LBA
Power On Count 1367 times
Power On Time 997.0 days
Features S.M.A.R.T., APM, AAM
Transfer Mode Ultra DMA/133
Interface PATA
Capacity 40GB
Real size 41,110,142,976 bytes
RAID Type None
S.M.A.R.T
03 Spin-Up Time 233 (233 worst) Data 000000150C
04 Start/Stop Count 253 (253) Data 0000000556
05 Reallocated Sectors Count 253 (253) Data 0000000000
06 Read Channel Margin 253 (253) Data 0000000000
07 Seek Error Rate 253 (252) Data 0000000000
08 Seek Time Performance 239 (226) Data 000000B339
09 Power-On Hours (POH) 114 (114) Data 0000005D77
0A Spin Retry Count 253 (252) Data 0000000000
0B Recalibration Retries 253 (252) Data 0000000000
0C Device Power Cycle Count 250 (250) Data 0000000557
63 253 (253) Data 0000000000
64 253 (253) Data 0000000000
65 253 (253) Data 0000000000
82 004 (001) Data 000100035B
C0 Power-off Retract Count 252 (252) Data 0000000542
C1 Load/Unload Cycle Count 252 (252) Data 000000158F
C2 Temperature 253 (253) Data 000000002C
C3 Hardware ECC Recovered 253 (251) Data 000000BC2A
C4 Reallocation Event Count 253 (253) Data 0000000000
C5 Current Pending Sector Count 253 (253) Data 0000000000
C6 Uncorrectable Sector Count 253 (253) Data 0000000000
C7 UltraDMA CRC Error Count 199 (199) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 253 (252) Data 0000000000
C9 Soft Read Error Rate 253 (252) Data 0000000000
CA Data Address Mark errors 253 (252) Data 0000000000
CB Run Out Cancel 253 (252) Data 0000000000
CC Soft ECC Correction 253 (252) Data 0000000000
CD Thermal Asperity Rate (TAR) 253 (252) Data 0000000000
CF Spin High Current 253 (252) Data 0000000000
D0 Spin Buzz 253 (252) Data 0000000000
D1 Offline Seek Performance 164 (157) Data 0000000000
Temperature 45 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number CCF10B43
Size 38.3GB
Used Space 24.2GB (64%)
Free Space 14.1GB (36%)
Optical Drives
HL-DT-ST CD-RW GCE-8400B
Media Type CD-ROM
Name HL-DT-ST CD-RW GCE-8400B
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Card
Unimodem Half-Duplex Audio Device
Playback Device
Modem #0 Line Record
Recording Device
Modem #0 Line Playback
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Logitech
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Olympus D-340L/C-840L Digital Camera
Device Kind Camera/scanner
Device Name Olympus D-340L/C-840L Digital Camera
Comment Olympus D-340L/C-840L Digital Camera
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\srusd.dll
File C:\WINDOWS\system32\fnfilter.dll
File C:\WINDOWS\system32\drivers\serscan.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic USB 2.0 FLASH USB Device
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2535.0
File C:\WINDOWS\system32\DRIVERS\disk.sys
Printers
HP Photosmart C3100 series (Default Printer)
Printer Port USB002
Print Processor hpzpp054
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name HP Photosmart C3100 series (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
QuickBooks PDF Converter
Printer Port LPT1:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 300 dpi Color
Status Unknown
Driver
Driver Name Amyuni Document Converter 300 (v0.64)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\acpdf300.dll
QuickBooks PDF Converter 3.0
Printer Port LPT1:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 dpi Color
Status Unknown
Driver
Driver Name Amyuni Document Converter 400 (v0.64)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\acpdf400.dll
Network
You are connected to the internet
Connected through Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.105
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 68.105.28.12
Alternate DNS server 68.105.29.12
Alternate DNS server 68.105.28.11
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 24.251.246.31
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 kbps
Computer Name
NetBIOS Name JOEL032276
DNS Name joel032276
Domain Name JOEL032276
Remote Desktop
Console
State Active
Domain JOEL032276
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.105
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
No network shares
Current TCP Connections
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1456)
Local 127.0.0.1:27015 LISTEN
Local 127.0.0.1:27015 ESTABLISHED Remote 127.0.0.1:1029 (Querying... )
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (1904)
Local 0.0.0.0:8019 LISTEN
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe (1816)
Local 0.0.0.0:12344 LISTEN
Local 0.0.0.0:12345 LISTEN
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (1988)
Local 127.0.0.1:1027 ESTABLISHED Remote 127.0.0.1:4573 (Querying... )
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe (1776)
Local 127.0.0.1:4573 LISTEN
Local 127.0.0.1:4573 ESTABLISHED Remote 127.0.0.1:1027 (Querying... )
C:\Program Files\iTunes\iTunesHelper.exe (852)
Local 127.0.0.1:1029 ESTABLISHED Remote 127.0.0.1:27015 (Querying... )
C:\WINDOWS\System32\svchost.exe (984)
Local 192.168.1.105:1247 ESTABLISHED Remote 192.168.1.1:2869 (Querying... )
C:\WINDOWS\system32\svchost.exe (1252)
Local 0.0.0.0:2869 LISTEN
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 192.168.1.105:139 (NetBIOS session service) LISTEN
svchost.exe (908)
Local 0.0.0.0:135 (DCE) LISTEN

BSOD:

==================================================
Dump File : Mini041411-03.dmp
Crash Time : 4/14/2011 7:21:20 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x872bfda0
Parameter 3 : 0x872bff14
Parameter 4 : 0x805fb1d6
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c846
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c846
Stack Address 1 : ntoskrnl.exe+157561
Stack Address 2 : ntoskrnl.exe+124194
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041411-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini041411-02.dmp
Crash Time : 4/14/2011 8:01:05 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x87133250
Parameter 3 : 0x871333c4
Parameter 4 : 0x805fb1d6
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c846
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c846
Stack Address 1 : ntoskrnl.exe+157561
Stack Address 2 : ntoskrnl.exe+124194
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041411-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini041411-01.dmp
Crash Time : 4/14/2011 7:28:13 AM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x86f37c08
Parameter 3 : 0x86f37d7c
Parameter 4 : 0x805fb1d6
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c846
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c846
Stack Address 1 : ntoskrnl.exe+157561
Stack Address 2 : ntoskrnl.exe+124194
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini041411-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini110706-01.dmp
Crash Time : 11/7/2006 2:49:07 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804e8b48
Parameter 3 : 0xfc9cdbe4
Parameter 4 : 0xfc9cd8e0
Caused By Driver : afd.sys
Caused By Address : afd.sys+2d6a
File Description : Ancillary Function Driver for WinSock
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-0852)
Processor : 32-bit
Crash Address : ntoskrnl.exe+11b48
Stack Address 1 : afd.sys+2d6a
Stack Address 2 : afd.sys+2e59
Stack Address 3 : afd.sys+387c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini110706-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================
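Two parts of the Speccy dump above are worth a mechanical second pass after a rootkit cleanup: the image path of every running process, and which sockets are listening and on which address. The script below is an added example, not code from the original post, from Speccy or from BleepingComputer. It parses trimmed copies of those two sections (copied from the dump above, not fabricated) and flags images running from user-writable locations such as Documents and Settings, which is where the visicom_antiphishing.exe entry lives, and LISTEN sockets bound to 0.0.0.0 or the LAN address rather than loopback. The field names it keys on, the list of user-writable prefixes, and the mapping of \SystemRoot to C:\WINDOWS are this example's own assumptions, not a published Speccy format.

```python
"""Triage heuristics over a Speccy "Process" list and "Current TCP Connections" dump.

Added example, not code from the original post, from Speccy or from BleepingComputer.
The two samples are trimmed copies of the dump posted above; the field names, the
user-writable prefixes and the SystemRoot mapping are this example's own assumptions.
"""
import re

# Constructed sample: trimmed from the Speccy process list in the post above.
PROCESS_DUMP = r"""
smss.exe
Process ID 536
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 892 KB
system
Process ID 4
Memory Usage 228 KB
visicom_antiphishing.exe
Process ID 836
User Owner
Domain JOEL032276
Path C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
winlogon.exe
Process ID 624
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
"""

# Constructed sample: trimmed from the "Current TCP Connections" section above.
TCP_DUMP = r"""
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (1904)
Local 0.0.0.0:8019 LISTEN
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe (1776)
Local 127.0.0.1:4573 LISTEN
Local 127.0.0.1:4573 ESTABLISHED Remote 127.0.0.1:1027 (Querying... )
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 192.168.1.105:139 (NetBIOS session service) LISTEN
svchost.exe (908)
Local 0.0.0.0:135 (DCE) LISTEN
"""

PROC_KEYS = ("Process ID", "User", "Domain", "Path", "Memory Usage", "Peak Memory Usage")
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\windows\\temp\\")  # assumption: XP profile/temp roots
CONN_RE = re.compile(r"^Local (?P<laddr>[\d.]+):(?P<lport>\d+)(?: \([^)]*\))? (?P<state>[A-Z_]+)")


def parse_processes(text):
    """Turn Speccy's one-field-per-line process list into dicts; a bare line starts a new entry."""
    procs = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        key = next((k for k in PROC_KEYS if line.startswith(k + " ")), None)
        if key is None:
            procs.append({"name": line, "pid": None, "user": "", "path": ""})
        elif procs and key == "Process ID":
            procs[-1]["pid"] = int(line[len(key):])
        elif procs and key in ("User", "Path"):
            procs[-1][key.lower()] = line[len(key):].strip()
    return procs


def normalize_path(path):
    """Fold the NT-native spellings Speccy shows for system processes into a lower-case Win32 path."""
    if path.startswith("\\??\\"):                    # \??\C:\WINDOWS\... (winlogon.exe)
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):    # assumption: SystemRoot is C:\WINDOWS on this box
        path = "C:\\WINDOWS\\" + path[len("\\systemroot\\"):]
    return path.lower()


def flag_processes(procs):
    """Images running from user-writable directories, where no OS component belongs."""
    return [(p["name"], p["pid"], p["path"]) for p in procs
            if p["path"] and normalize_path(p["path"]).startswith(USER_WRITABLE)]


def parse_connections(text):
    """Attach each 'Local ...' socket line to the owner line that precedes it."""
    conns, owner = [], None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = CONN_RE.match(line)
        if m is None:
            owner = line
        else:
            conns.append({"owner": owner, "laddr": m["laddr"],
                          "lport": int(m["lport"]), "state": m["state"]})
    return conns


def flag_listeners(conns):
    """LISTEN sockets reachable from off-box: bound to 0.0.0.0 or to the LAN address, not loopback."""
    return [(c["owner"], c["lport"], c["laddr"]) for c in conns
            if c["state"] == "LISTEN" and not c["laddr"].startswith("127.")]


if __name__ == "__main__":
    for name, pid, path in flag_processes(parse_processes(PROCESS_DUMP)):
        print(f"process {name} (pid {pid}) runs from a user-writable path: {path}")
    for owner, port, addr in flag_listeners(parse_connections(TCP_DUMP)):
        print(f"{owner} listens on {addr}:{port} (reachable from the LAN)")
```

A hit is a prompt to check the file or service, not a verdict: the QuickBooks monitor, the Motorola helper and the Windows file-sharing ports (135, 139, 445) are expected on this box, but on a machine that has just had ZeroAccess removed, a listener or an image path you cannot account for is the next thing to look at. Because the machine sits behind the 192.168.1.1 gateway, the 0.0.0.0 listeners are exposed to the LAN rather than the internet unless the router forwards those ports.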

#14 cryptodan
Bleepin Madman, Members, 21,868 posts, Gender: Male, Location: Catonsville, Md

Posted 21 December 2011 - 01:23 AM

Are you currently paying for Mbam, because I see that you do not have any active anti-virus software running. Also, your RAM is a little low for XP and your CPU is greatly outdated.

#15 sgivens (Topic Starter)
Members, 16 posts

Posted 21 December 2011 - 09:06 AM

MSE is installed, but I've turned it off during these scans as I thought that was best practice. I'm running the free version of MBAM.

I completely agree that this PC is outdated and underpowered. It used to have only 512 MB of RAM :wacko: , but I had to install more the last time I worked on it, 'cause I couldn't stand how slow it was. I would have installed more, but I didn't want to get "upside down" in the cost of RAM vs the worth of the PC. It's a friend's computer that they are trying to keep alive for as long as possible. Once I (hopefully) get it functioning again, then I'll strongly suggest an upgrade to a newer PC.

Here are the MBAM results:

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/21/2011 6:46:12 AM
mbam-log-2011-12-21 (06-46-12).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 281200
Time elapsed: 4 hour(s), 38 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\softwaredistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.



