Posts posted by Quolli
-
Thank you very much

I will post back with the results of my reinstallation.
-
Thank you very much for your help. I have decided to take the reinstall Windows route of my PC. You have been incredibly helpful and patient.
I am a bit paranoid about the current computer that I have been using as my computers are connected via an Internet router. Do you have any recommendations of what I should do? This computer uses Kaspersky Internet Security Trial as well as Malware Bytes and SUPER Anti Spyware. Would I need to open up a new topic for this, or would it be better to continue with the same topic?
-
Thank you for your help, I have read them, but am still a bit unsure.
Could you possibly answer the HDD questions in simpler terms? I don't really understand what the content in the links is saying.
In regards to the Format link you have sent me, I was hoping for a step by step guide that details what I should do right from the beginning (i.e., what options to select from the disk etc.).
If I do decide to continue with the cleaning, would it be safe to use a USB to transfer the relevant scanning programs?
-
Hello Maniac, thank you for the fast reply.
I should tell you that about a week ago I was also infected by several trojans which were able to be cleaned successfully. I gave it the benefit of the doubt and thought that I was clean, nevertheless I created a topic for my suspicions but forgot all about it. You may find the logs in it useful. Here is the topic: http://forums.malwarebytes.org/index.php?showtopic=111140&st=0&p=560638entry560638
I have uninstalled uTorrent and disconnected my PC from the Internet like you have asked.
There are a few questions I would like to ask you before I move onto the next steps.
1. My HDD is partitioned (let's call them C:/ and A:/). The main drive (ie the one that is infected) is C:/. Will my I:/ be "untouched"?
2. This leads on from the previous question. If I decide to take the easy route out and do a fresh install on Windows, will I:/ need to be wiped? (I've got some important files on that drive, hence why they are stored in the partition).
3. If Yes is the answer to 1. I would like to proceed and do a fresh install of Windows. Will you be posting a guide on how I can most effectively (or correctly I should say) reinstall Windows?
-
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Sakura at 21:14:08 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2946 [GMT 10:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com.au/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Oryxaqr] "c:\documents and settings\sakura\application data\neaf\owni.exe"
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [iaptrf] rundll32.exe "c:\documents and settings\sakura\application data\iaptrf.dll",HrByteToStream
mRun: [arisr] "c:\windows\system32\rundll32.exe" "c:\documents and settings\sakura\application data\arisr.dll",FileHandleToInstanceNameA
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sakura\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1339847077390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276944085828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v490.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C38FFE6C-21E4-4CE1-83D7-21562F34FE98} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-4-24 584224]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-2-5 51144]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DAZContentManagementService;DAZ Content Management Service; [x]
S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-9-3 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 1262400]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-6-19 35840]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-5-21 135584]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-12-19 111464]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-6-19 28416]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-6-19 17408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-22 05:28:21 -------- d-----w- c:\documents and settings\all users\application data\B7E858890004734F000ABA83D151FC4E
2012-06-22 05:28:14 -------- d-----w- c:\documents and settings\sakura\application data\Tikiwu
2012-06-22 05:28:14 -------- d-----w- c:\documents and settings\sakura\application data\Sasiot
2012-06-22 05:28:14 -------- d-----w- c:\documents and settings\sakura\application data\Neaf
2012-06-16 12:19:19 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-16 12:18:30 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-06-16 12:18:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-16 12:18:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-06-16 12:18:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-16 12:18:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-06-16 12:18:29 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-06-16 12:18:29 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-06-16 12:03:11 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-06-16 11:55:05 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-06-16 11:55:05 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-06-16 11:55:04 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-06-16 11:53:46 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-06-16 09:33:58 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2012-06-16 09:32:59 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2012-06-16 09:31:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-06-16 09:31:07 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-06-16 08:49:25 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-06-16 08:49:25 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-06-16 08:49:25 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-06-16 08:49:25 13312 ----a-w- c:\windows\system32\irclass.dll
2012-06-16 08:49:00 16535 ----a-r- c:\windows\SET142.tmp
2012-06-16 08:48:57 1088840 ----a-r- c:\windows\SET136.tmp
2012-06-16 08:48:56 1296669 ----a-r- c:\windows\SET133.tmp
2012-06-16 08:05:49 370688 ----a-w- c:\documents and settings\sakura\application data\arisr.dll
2012-06-16 00:33:34 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-16 00:33:34 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-16 00:33:34 -------- d-----w- c:\program files\OpenAL
2012-06-15 10:19:25 -------- d-sh--w- c:\documents and settings\sakura\IECompatCache
2012-06-15 08:30:50 -------- d-----w- c:\program files\WinASO
2012-06-14 02:59:09 132608 ----a-w- c:\documents and settings\sakura\application data\iaptrf.dll
2012-06-12 06:25:35 -------- d-----w- c:\program files\Long Live The Queen
2012-06-10 01:27:58 -------- d-----w- c:\program files\Winter Wolves
2012-06-10 01:27:47 -------- d-----w- c:\windows\system32\2055
2012-05-29 04:08:47 -------- d-----w- C:\Downloads
.
==================== Find3M ====================
.
2012-06-17 23:18:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 23:18:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 08:55:34 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-16 08:55:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-16 08:55:10 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-15 03:15:03 72748 ----a-w- c:\windows\unins000.exe
2012-06-02 05:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 05:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 05:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-24 07:13:24 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-20 19:29:52 81920 ------w- c:\windows\system32\ieencode.dll
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:15:07.14 ===============
Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/06/2012 7:34:36 PM
System Uptime: 22/06/2012 9:12:16 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
Processor: Intel Pentium III Xeon processor | Socket 775 | 2833/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 92.406 GiB free.
D: is Removable
E: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 639 GiB total, 529.801 GiB free.
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&9A390B8&0&0000
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&9A390B8&0&0000
Service: NuidFltr
.
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: HID Non-User Input Data Filter (KB 911895)
Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&9A390B8&0&0002
Manufacturer: Microsoft
Name: HID Non-User Input Data Filter (KB 911895)
PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&9A390B8&0&0002
Service: NuidFltr
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&0&FB
Service:
.
==== System Restore Points ===================
.
RP1: 16/06/2012 9:44:22 PM - System Checkpoint
RP2: 16/06/2012 10:05:49 PM - Software Distribution Service 3.0
RP3: 16/06/2012 10:30:00 PM - Software Distribution Service 3.0
RP4: 16/06/2012 10:34:24 PM - Software Distribution Service 3.0
RP5: 18/06/2012 12:28:54 PM - System Checkpoint
RP6: 19/06/2012 6:08:40 PM - System Checkpoint
RP7: 20/06/2012 7:24:28 PM - System Checkpoint
RP8: 22/06/2012 6:05:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
µTorrent
マジカルバトルアリ
-
Hi, I need some help cleaning my computer of a variant of Win32/Spy.Zbot.ZR Trojan. So far I have done a full scan with Malware Bytes and SUPER Anti Spyware but they have not picked it up. After rebooting my computer after a full scan, ESET showed a warning that there was a Trojan on my PC but it is "unable to clean". I have scanned using Malware Bytes on Safe Mode. SUPER Anti Spyware was scanned on Normal mode. I am currently scanning using ESET NOD32 on Normal mode. The current scan says "Number of infiltrations: 1" and lists the Zbot.ZR Trojan as "unable to clean"
Unfortunately the Trojan appears to have partially hijacked my browser (it redirects me to my Homepage [Google] if I attempt to go to the Malware Bytes forum). I am not sure how I am to get my antivirus logs onto the forum without a USB (I'm a bit paranoid it may decide to travel via USB and infect the current computer I am using).
Please help, thank you for your time.
-
I'm quite sure it's a registry error, but if someone could help me confirm that it's actually a registry error and not some nasty virus that would be great.
-
I've recently been infected by several trojans. I managed to remove them all but I'm still a bit paranoid that there may be traces or something left.
I have scanned using Malware Bytes' Free and SuperAntiSpyware free twice. Once in "normal" mode and once in Safe Mode with both programs.
Why? Because my Desktop items don't "save". I move them in the order that I want, but every time I refresh my desktop they snap back into the default Alphabetical Order.
Here is my MBAM log (This is from the Normal Mode scan. The Safe Mode scan picked up nothing but SuperAntiSpyware did):
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.14.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sakura :: DORAEMON [administrator]
14/06/2012 1:16:46 PM
mbam-log-2012-06-14 (13-16-46).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 399972
Time elapsed: 58 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n.) Good: (%SystemRoot%\system32\shdocvw.dll) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n (Trojan.Agent.MRGGen) -> Delete on reboot.
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102268.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102258.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102280.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrrt20.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
(end)
And here is my SuperAntiSpyware scan (From Safe Mode):
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/15/2012 at 00:30 AM
Application Version : 5.0.1150
Core Rules Database Version : 8732
Trace Rules Database Version: 6544
Scan type : Complete Scan
Total Scan Time : 09:35:54
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 33354
Registry threats detected : 0
File items scanned : 181698
File threats detected : 35
Adware.Tracking Cookie
C:\Documents and Settings\Sakura\Cookies\XLGLUDQW.txt [ /doubleclick.net ]
C:\Documents and Settings\Sakura\Cookies\HEHPB15V.txt [ /questionmarket.com ]
C:\Documents and Settings\Sakura\Cookies\FEKIY76C.txt [ /statcounter.com ]
C:\Documents and Settings\Sakura\Cookies\Q4C8S4HP.txt [ /revsci.net ]
C:\Documents and Settings\Sakura\Cookies\M36WD5F6.txt [ /adxpose.com ]
C:\Documents and Settings\Sakura\Cookies\NPMV9VZS.txt [ /traffic.34556y5n.info ]
C:\Documents and Settings\Sakura\Cookies\5HRGR38I.txt [ /ads.adoptimized.com ]
C:\Documents and Settings\Sakura\Cookies\GNOOA2BR.txt [ /overture.com ]
C:\Documents and Settings\Sakura\Cookies\G4QWF8K8.txt [ /realmedia.com ]
C:\Documents and Settings\Sakura\Cookies\XVRR40UD.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Sakura\Cookies\XU74T9Q7.txt [ /ox-d.fondnessmedia.com ]
C:\Documents and Settings\Sakura\Cookies\S7VJK2VE.txt [ /imrworldwide.com ]
C:\Documents and Settings\Sakura\Cookies\BACYFPCB.txt [ /cdn.jemamedia.com ]
C:\Documents and Settings\Sakura\Cookies\XM3D6PHA.txt [ /serving-sys.com ]
C:\Documents and Settings\Sakura\Cookies\ZFGWGNKJ.txt [ /in.getclicky.com ]
C:\Documents and Settings\Sakura\Cookies\M2LMCWIN.txt [ /advertising.ezanga.com ]
C:\Documents and Settings\Sakura\Cookies\XJ3WZ1BZ.txt [ /atdmt.com ]
C:\Documents and Settings\Sakura\Cookies\KORQAMSX.txt [ /ru4.com ]
C:\Documents and Settings\Sakura\Cookies\8CCDF1IL.txt [ /mediaplex.com ]
C:\Documents and Settings\Sakura\Cookies\0A67HHU5.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\Sakura\Cookies\8UI4TEO3.txt [ /dc.tremormedia.com ]
C:\Documents and Settings\Sakura\Cookies\FSLLJG21.txt [ /stat.onestat.com ]
C:\Documents and Settings\Sakura\Cookies\QLJ31XLX.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\Sakura\Cookies\L4Z7JHUE.txt [ /media6degrees.com ]
C:\Documents and Settings\Sakura\Cookies\L3WGR5ON.txt [ /lucidmedia.com ]
C:\Documents and Settings\Sakura\Cookies\V0KKZDZI.txt [ /apmebf.com ]
C:\Documents and Settings\Sakura\Cookies\G2VSNSG6.txt [ /invitemedia.com ]
C:\Documents and Settings\Sakura\Cookies\FG3RA9EK.txt [ /statse.webtrendslive.com ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
Trojan.Agent/Gen-Sirefef
C:\DOCUMENTS AND SETTINGS\SAKURA\LOCAL SETTINGS\APPLICATION DATA\{49081AA4-08D4-BFF3-6B2E-67656AEE082C}\U\80000032.@
Trojan.Agent/Gen-Nullo[short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP730\A0102315.INI
Infected computer and clean computer attached to same network
in Resolved Malware Removal Logs
Hi, one of my computers has recently been infected with a nasty Trojan (check here for the infected computer: http://forums.malwarebytes.org/index.php?showtopic=111508). This computer is one that I assume is clean, but nevertheless I have been browsing on the aforementioned infected PC for about a week. I would like to confirm that this PC is indeed clean and that the Trojan hasn't managed to travel through the network to this PC. The computers are connected via an Internet router. Both computers have a working Firewall.
Thank you for your time.
Here are my two DDS logs
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Allan at 22:35:37 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.511.115 [GMT 10:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Allan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com.au
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\allan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [iMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [soundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [EPSON Stylus Photo R310 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302403017357
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302403099747
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{66AF9C4C-95F0-40B9-A7F7-278AEF530258} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-17 565552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-4-10 54760]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-21 08:43:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-06-17 08:48:23 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-06-17 08:48:23 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-06-17 08:46:34 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-17 08:46:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-06-14 10:47:11 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-02 11:15:32 -------- d-----w- c:\documents and settings\allan\local settings\application data\Nero
.
==================== Find3M ====================
.
2012-06-02 05:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 05:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 05:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:40:25.65 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/04/2011 12:32:07 PM
System Uptime: 22/06/2012 5:03:40 PM (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000
Processor: Intel® Pentium® 4 CPU 2.80GHz | Socket 478 | 2813/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 35.069 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_04B8&PID_0803&MI_00\6&3234BB87&0&0000
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_04B8&PID_0803&MI_00\6&3234BB87&0&0000
Service: USBSTOR
.
==== System Restore Points ===================
.
RP350: 25/03/2012 8:04:41 PM - System Checkpoint
RP351: 28/03/2012 9:26:57 AM - System Checkpoint
RP352: 29/03/2012 9:12:15 PM - System Checkpoint
RP353: 2/04/2012 9:47:15 AM - System Checkpoint
RP354: 3/04/2012 7:32:24 PM - System Checkpoint
RP355: 4/04/2012 8:29:00 PM - System Checkpoint
RP356: 5/04/2012 8:41:29 PM - System Checkpoint
RP357: 7/04/2012 10:04:53 AM - System Checkpoint
RP358: 8/04/2012 11:29:01 AM - System Checkpoint
RP359: 9/04/2012 7:38:06 PM - System Checkpoint
RP360: 11/04/2012 6:53:26 PM - System Checkpoint
RP361: 12/04/2012 6:42:22 PM - Software Distribution Service 3.0
RP362: 12/04/2012 9:07:56 PM - Software Distribution Service 3.0
RP363: 14/04/2012 7:20:28 PM - System Checkpoint
RP364: 16/04/2012 10:21:55 AM - System Checkpoint
RP365: 17/04/2012 7:45:09 PM - System Checkpoint
RP366: 19/04/2012 11:19:02 AM - System Checkpoint
RP367: 21/04/2012 7:44:05 PM - System Checkpoint
RP368: 23/04/2012 8:00:29 AM - System Checkpoint
RP369: 24/04/2012 6:45:51 PM - System Checkpoint
RP370: 25/04/2012 7:23:49 PM - System Checkpoint
RP371: 27/04/2012 7:30:36 PM - System Checkpoint
RP372: 28/04/2012 7:45:01 PM - System Checkpoint
RP373: 29/04/2012 8:46:18 PM - System Checkpoint
RP374: 1/05/2012 2:21:22 PM - System Checkpoint
RP375: 2/05/2012 7:27:48 PM - System Checkpoint
RP376: 3/05/2012 7:53:15 PM - System Checkpoint
RP377: 4/05/2012 7:53:50 PM - System Checkpoint
RP378: 6/05/2012 7:42:28 PM - System Checkpoint
RP379: 7/05/2012 7:44:56 PM - System Checkpoint
RP380: 8/05/2012 7:56:29 PM - System Checkpoint
RP381: 9/05/2012 8:38:21 PM - System Checkpoint
RP382: 11/05/2012 4:00:45 PM - Software Distribution Service 3.0
RP383: 12/05/2012 7:17:44 PM - System Checkpoint
RP384: 14/05/2012 7:49:42 AM - System Checkpoint
RP385: 14/05/2012 9:56:26 AM - Software Distribution Service 3.0
RP386: 15/05/2012 7:37:51 PM - System Checkpoint
RP387: 16/05/2012 7:53:38 PM - System Checkpoint
RP388: 17/05/2012 10:03:35 PM - System Checkpoint
RP389: 19/05/2012 5:22:59 AM - System Checkpoint
RP390: 21/05/2012 6:30:49 PM - System Checkpoint
RP391: 22/05/2012 7:30:04 PM - System Checkpoint
RP392: 22/05/2012 9:14:43 PM - Software Distribution Service 3.0
RP393: 24/05/2012 10:59:00 PM - System Checkpoint
RP394: 26/05/2012 6:49:01 PM - System Checkpoint
RP395: 27/05/2012 7:16:15 PM - System Checkpoint
RP396: 29/05/2012 8:21:59 PM - System Checkpoint
RP397: 31/05/2012 7:09:12 PM - System Checkpoint
RP398: 2/06/2012 6:58:33 PM - System Checkpoint
RP399: 3/06/2012 7:31:15 PM - System Checkpoint
RP400: 4/06/2012 7:08:54 PM - Software Distribution Service 3.0
RP401: 5/06/2012 7:20:23 PM - System Checkpoint
RP402: 6/06/2012 9:42:46 PM - System Checkpoint
RP403: 8/06/2012 4:57:48 PM - System Checkpoint
RP404: 9/06/2012 6:38:56 PM - System Checkpoint
RP405: 10/06/2012 7:24:38 PM - System Checkpoint
RP406: 12/06/2012 5:28:31 PM - System Checkpoint
RP407: 13/06/2012 6:31:24 PM - System Checkpoint
RP408: 14/06/2012 8:58:29 PM - Software Distribution Service 3.0
RP409: 16/06/2012 7:20:31 PM - System Checkpoint
RP410: 17/06/2012 6:34:15 PM - Removed ESET NOD32 Antivirus
RP411: 17/06/2012 6:46:22 PM - Installed Kaspersky Internet Security 2012.
RP412: 18/06/2012 7:23:38 PM - System Checkpoint
RP413: 19/06/2012 7:35:29 PM - System Checkpoint
RP414: 20/06/2012 8:10:25 PM - System Checkpoint
RP415: 21/06/2012 9:09:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advertising Center
ArcSoft PhotoStudio 2000
Auslogics BoostSpeed
Auslogics Disk Defrag ScreenSaver
Bing Bar
CCleaner
Combined Community Codec Pack 2010-10-10
Compatibility Pack for the 2007 Office system
DolbyFiles
DVDFab 6.0.2.0 (June 24, 2009)
DVDFab Platinum 2.9.8.0
Enable S3 for USB Device
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR310 Reference Guide
ESPR310 Software Guide
FileASSASSIN
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
HP USB Disk Storage Format Tool
Image Transfer
ImageMixer for Sony
ImagXpress
Junk Mail filter update
Kaspersky Internet Security 2012
Malwarebytes Anti-Malware version 1.61.0.1400
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Movie Templates - Starter Kit
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Display Driver
OmniPage Pro 9.0
PCI SoftV92 Modem
PIF DESIGNER2.1
PMB
Realtek AC'97 Audio
RTLSetup
Scan Manager 5.2
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923789)
Segoe UI
Sony USB Driver
SoundTrax
SUPERAntiSpyware
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
17/06/2012 9:57:42 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0050FCCF0CEF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
16/06/2012 5:02:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
16/06/2012 5:02:28 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================