pudit

Members
  • Posts: 7
  • Reputation: 0 Neutral
  1. Hi. Regarding this topic, http://forums.malwarebytes.org/index.php?showtopic=113359&hl=&fromsearch=1, I decided to format my PC and install a new Windows. I still found the same alert from Malwarebytes. Here is the log file:

     Malwarebytes Anti-Malware (Corporate) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.23.01

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Administrator :: NZN-B87372EDF4A [administrator]

     Protection: Enabled

     23/8/2555 7:18:13
     mbam-log-2012-08-23 (07-18-13).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 178994
     Time elapsed: 6 minute(s), 46 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     +++++++++

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by Administrator at 7:19:01 on 2012-08-23
     Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.1021 [GMT 7:00]
     .
     AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
     .
     ============== Running Processes ===============
     .
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\VistaDrive\VistaDrive.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Drive Space Indicator\DrvSpace.exe C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\LClock\LClock.exe C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\administrator\application data\flashgetbho\FlashGetBHO.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [LClock] c:\program files\lclock\LClock.exe uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [DriveSpace] c:\program files\drive space indicator\DrvSpace.exe mRun: [VisualTooltip] c:\program files\utilities\visualtooltip\VisualToolTip.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun dRun: [LClock] c:\program files\lclock\LClock.exe dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe dPolicies-explorer: NoSMHelp = 1 (0x1) 
IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: c:\program files\avira\antivir desktop\avsda.dll TCP: DhcpNameServer = 203.144.206.29 203.144.206.49 TCP: Interfaces\{C9B5EC92-0D09-4D17-8F0C-B3DA013994C1} : DhcpNameServer = 203.144.206.29 203.144.206.49 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\fbvp75ap.default\ FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . ============= SERVICES / DRIVERS =============== . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-21 36000] R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-8-21 375760] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-21 86224] R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-21 110032] R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-8-21 465360] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-21 83392] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-22 655944] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-22 22344] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-23 40776] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-7-7 10064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-22 250568] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 113120] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-08-23 00:15:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-22 06:08:56 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-22 06:08:56 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-22 03:26:47 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll 2012-08-22 03:26:45 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll 2012-08-22 03:26:45 265728 ------w- c:\windows\system32\dllcache\http.sys 2012-08-22 03:26:45 25088 ------w- c:\windows\system32\dllcache\httpapi.dll 2012-08-22 02:31:21 -------- d-----w- C:\DRMSoft 2012-08-22 01:27:52 -------- d-----w- c:\documents and settings\all users\application data\Broadcom 2012-08-22 00:29:41 -------- d-----w- c:\documents and settings\administrator\application data\BITS 2012-08-22 00:29:40 -------- d-----w- c:\documents and settings\administrator\application data\FlashgetSetup 2012-08-22 00:29:33 -------- d-----w- c:\documents and settings\administrator\application data\FlashGetBHO 2012-08-22 00:29:29 -------- d-----w- c:\program files\FlashGet Network 2012-08-22 00:29:29 -------- d-----w- c:\documents and settings\administrator\application data\FlashGet 2012-08-22 00:24:40 -------- d-----w- c:\documents and settings\administrator\local settings\application data\TechSmith 2012-08-22 00:24:20 -------- d-----w- c:\windows\system32\QuickTime 2012-08-22 00:24:11 -------- d-----w- c:\windows\system32\Flash 2012-08-22 00:23:59 -------- d-----w- c:\program files\common files\TechSmith Shared 2012-08-21 23:44:08 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes 2012-08-21 23:44:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-08-21 23:44:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 23:44:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-21 11:02:22 11136 ----a-w- c:\windows\system32\drivers\slip.sys 2012-08-21 11:02:20 85248 ----a-w- 
c:\windows\system32\drivers\nabtsfec.sys 2012-08-21 11:02:18 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys 2012-08-21 11:02:17 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys 2012-08-21 11:02:15 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys 2012-08-21 11:02:14 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2012-08-21 11:02:12 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2012-08-21 11:02:10 16384 ----a-w- c:\windows\system32\ipsink.ax 2012-08-21 11:02:10 15232 ----a-w- c:\windows\system32\drivers\streamip.sys 2012-08-21 11:02:08 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2012-08-21 11:02:04 3072 ----a-w- c:\windows\system32\drivers\audstub.sys 2012-08-21 11:01:37 91136 ----a-w- c:\windows\system32\kswdmcap.ax 2012-08-21 11:01:37 61952 ----a-w- c:\windows\system32\kstvtune.ax 2012-08-21 11:01:37 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2012-08-21 11:01:37 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-08-21 11:01:37 4096 ----a-w- c:\windows\system32\ksuser.dll 2012-08-21 11:01:37 28672 ----a-w- c:\windows\system32\vidcap.ax 2012-08-21 11:01:37 20992 ----a-w- c:\windows\system32\dshowext.ax 2012-08-21 11:01:37 129536 ----a-w- c:\windows\system32\ksproxy.ax 2012-08-21 11:01:37 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2012-08-21 11:01:23 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2012-08-21 11:00:26 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2012-08-21 11:00:01 74240 ----a-w- c:\windows\system32\usbui.dll . ==================== Find3M ==================== . 
2012-08-21 05:14:51 315392 ----a-w- c:\windows\HideWin.exe 2012-07-18 11:07:12 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-18 11:07:12 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec 2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 08:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 08:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 08:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 08:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 08:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 08:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 08:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 08:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll . ============= FINISH: 7:20:04.06 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 21/8/2555 11:14:56 System Uptime: 23/8/2555 6:26:35 (1 hours ago) . Motherboard: Acer, Inc. | | Nestos Processor: Intel® Pentium® Dual CPU T2410 @ 2.00GHz | U2E1 | 1999/133mhz . ==== Disk Partitions ========================= . 
C: is FIXED (NTFS) - 39 GiB total, 26.165 GiB free. D: is FIXED (NTFS) - 110 GiB total, 52.769 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} Description: Device ID: ACPI\WEC1023\4&7EDBEB0&0 Manufacturer: Name: PNP Device ID: ACPI\WEC1023\4&7EDBEB0&0 Service: . ==== System Restore Points =================== . RP1: 21/8/2555 13:54:27 - System Checkpoint RP2: 21/8/2555 17:33:31 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 RP3: 21/8/2555 17:34:11 - Installed OpenOffice.org 3.4 RP4: 22/8/2555 7:23:53 - Installed Camtasia Studio 5 RP5: 22/8/2555 8:00:25 - Installed Camtasia Studio 8 RP6: 22/8/2555 8:28:09 - Installed Broadcom Driver v4.170.25.12_Foxconn Installation Prog RP7: 22/8/2555 12:48:48 - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 7-Zip 4.47 beta Adobe Flash Player 11 Plugin Agere Systems HDA Modem Artisteer 3 Avira Antivirus Premium 2012 Broadcom Driver v4.170.25.12_Foxconn Installation Program Broadcom Gigabit Integrated Controller Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn Camtasia Studio 5 Camtasia Studio 8 CCleaner CPL All-in-One Drive Space Indicator DVD Decrypter (Remove Only) FlashGet3.7 Foxit Reader Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) LClock Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft 
Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 1.1 Redistributable Package Microsoft Visual J# 2.0 Redistributable Microsoft Visual J# 2.0 Redistributable Package Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB925673) NirSoft Collection NVIDIA Drivers OpenOffice.org 3.4 Realtek High Definition Audio Driver Registry Mechanic 6.0 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media 
Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows 
XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP 
(KB979687) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Software Update for Web Folders TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) Unlocker 1.8.5 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973815) VAIOXP Vista Drive Indicator! Vista System Properties WIDCOMM Bluetooth Software Windows Driver Package - Intel (NETw4x32) net (10/31/2007 11.5.0.34) Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) Windows Driver Package - Intel net (10/31/2007 11.5.0.34) Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Sidebar Windows XP Service Pack 3 WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 21/8/2555 13:36:52, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service. 21/8/2555 11:24:05, error: SideBySide [9] - Syntax error in manifest or policy file "C:\Program Files\Windows Sidebar\regsvr32.exe.Manifest" on line 3. The manifest file root element must be assembly. 21/8/2555 11:24:05, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Windows Sidebar\regsvr32.exe.Manifest. Reference error message: The operation completed successfully. . 21/8/2555 11:24:05, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Windows Sidebar\regsvr32.exe.Manifest" on line 3. 
21/8/2555 11:15:16, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
.
==== End Of File ===========================

Am I still infected? Please kindly advise. Thanks!
  2. SHA256: 95e6990e718ac70b28fa6d988efac32c1ad19b2f2daf524ce3546db5b6889073
     File name: usp10.dll
     Detection ratio: 0 / 42
     Analysis date: 2012-08-07 02:37:40 UTC ( 0 minutes ago )

     SHA256: f776d2680bd3407307b7072626f78460361fc5bc38623c9e16f394d300ab25de
     SHA1: c61095f51df41e64b3f034458958c918f0d6f8a8
     MD5: c51b4a5c05a5475708e3c81c7765b71d
     File size: 26.5 KB ( 27136 bytes )
     File name: mspmsnsv.dll
     File type: Win32 DLL
     Detection ratio: 0 / 42
     Analysis date: 2012-08-07 02:41:04 UTC ( 0 minutes ago )
  3. Hi. Here is the log file. Run in safe mode. Thanks.

     ComboFix 12-08-05.02 - Administrator 08/06/2012 9:18.4.2 - x86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.1627 [GMT 7:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\DFRB4.tmp
     c:\documents and settings\All Users\Application Data\common.data
     c:\documents and settings\All Users\Application Data\TEMP
     c:\windows\system32\_000017_.tmp.dll
     c:\windows\system32\_000018_.tmp.dll
     c:\windows\system32\_000019_.tmp.dll
     c:\windows\system32\msconfig.exe
     c:\windows\system32\SET988.tmp
     c:\windows\system32\SET989.tmp
     c:\windows\system32\URTTemp
     c:\windows\system32\URTTemp\fusion.dll
     c:\windows\system32\URTTemp\mscoree.dll
     c:\windows\system32\URTTemp\mscoree.dll.local
     c:\windows\system32\URTTemp\mscorsn.dll
     c:\windows\system32\URTTemp\mscorwks.dll
     c:\windows\system32\URTTemp\msvcr71.dll
     c:\windows\system32\URTTemp\regtlib.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-31 23:45 . 2012-07-31 23:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2012-07-30 13:52 . 2012-07-30 13:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Topckit
     2012-07-30 02:10 . 2012-07-30 02:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
     2012-07-08 00:26 . 2007-07-30 18:42 43008 ----a-r- c:\windows\system32\drivers\rimsptsk.sys
     2012-07-08 00:26 . 2004-09-04 11:00 90112 ----a-r- c:\windows\system32\snymsico.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-04 01:04 . 2012-04-04 23:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-08-04 01:04 .
2011-05-18 13:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 06:46 . 2011-07-04 06:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:19 . 2007-11-28 06:34 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50 . 2009-08-19 10:07 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50 . 2007-11-28 06:34 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2007-11-28 06:29 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 08:19 . 2001-08-23 20:00 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 08:19 . 2011-05-18 12:27 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 08:19 . 2011-05-18 12:27 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 08:19 . 2011-05-18 12:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 08:19 . 2001-08-23 20:00 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 08:19 . 2011-05-23 03:21 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 08:19 . 2011-05-18 12:27 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 08:19 . 2011-05-18 12:27 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 08:19 . 2007-11-28 06:35 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 08:19 . 2007-11-28 06:33 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 08:19 . 2001-08-23 20:00 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 08:19 . 2011-05-18 12:27 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 08:19 . 2011-05-18 12:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 08:18 . 2007-11-28 06:34 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 08:18 . 2007-11-28 06:34 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 08:18 . 2001-08-23 20:00 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 
2007-11-28 06:34 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:42 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 11:38 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec 2012-07-29 03:43 . 2011-05-19 23:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2007-11-28 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\usp10.dll . [-] 2007-11-28 06:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-24 8433664] "nwiz"="nwiz.exe" [2007-06-24 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-24 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-20 281768] "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-17 1230848] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-07 128512] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DriveSpace"=c:\program files\Drive Space Indicator\DrvSpace.exe "TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\explorer.exe"= %windir%\explorer.exe "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [20/5/2554 7:41 340136] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/5/2554 7:41 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [20/5/2554 7:41 428200] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/7/2554 13:53 655944] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [8/12/2554 23:34 1527104] S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [29/6/2554 9:23 101376] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/4/2555 6:34 250056] S3 Agerpd;Agerpd; [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/7/2554 13:53 22344] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/8/2555 6:45 40776] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2555 19:34 113120] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [29/7/2554 12:25 9472] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [31/5/2554 14:03 10064] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] 2004-08-04 00:56 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] 2004-08-04 00:56 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:04] . 2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:57] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1202660629-839522115-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 00:16] . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1202660629-839522115-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 00:16] . 2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{0AC78C17-56EC-49E5-A9B2-2B402427B2E2}.job - c:\windows\system32\msfeedssync.exe [2011-05-18 21:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pudit.com/ uInternet Settings,ProxyOverride = *.local IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 203.144.206.29 203.144.206.49 DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://cctvbanchang.dyndns.org:81/AVC_AX_742.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\62haq9ke.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-zuggdnqd HKLM_ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-06 09:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-583907252-1202660629-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e6,b3,9f,6a,70,1d,41,a4,d5,b0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e6,b3,9f,6a,70,1d,41,a4,d5,b0,\ . 
Completion time: 2012-08-06 09:23:58 ComboFix-quarantined-files.txt 2012-08-06 02:23 . Pre-Run: 21,027,536,896 bytes free Post-Run: 21,722,152,960 bytes free . - - End Of File - - D8CF43527DD069213C76B23A372CF37D
  4. Yes, I still have a problem with normal mode. It freezes. Thanks
  5. Here is the scan result in safe mode

     aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-07-30 20:57:42
     -----------------------------
     20:57:42.625 OS Version: Windows 5.1.2600 Service Pack 3
     20:57:42.625 Number of processors: 2 586 0xF0D
     20:57:42.625 ComputerName: TURKPUIGREAT UserName:
     20:57:44.578 Initialize success
     20:58:05.953 AVAST engine defs: 12073000
     20:58:07.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
     20:58:07.531 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
     20:58:07.562 Disk 0 MBR read successfully
     20:58:07.593 Disk 0 MBR scan
     20:58:07.656 Disk 0 Windows XP default MBR code
     20:58:07.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
     20:58:07.718 Disk 0 Partition - 00 0F Extended LBA 112619 MB offset 81915435
     20:58:07.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112619 MB offset 81915498
     20:58:07.781 Disk 0 scanning sectors +312560640
     20:58:07.890 Disk 0 scanning C:\WINDOWS\system32\drivers
     20:58:16.703 File: C:\WINDOWS\system32\drivers\zuggdnqd.sys **INFECTED** Win32:Rootkit-gen [Rtk]
     20:58:16.765 Disk 0 trace - called modules:
     20:58:16.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
     20:58:17.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]
     20:58:17.296 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a818198]
     20:58:17.531 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a791940]
     20:58:18.078 AVAST engine scan C:\WINDOWS
     20:58:23.359 AVAST engine scan C:\WINDOWS\system32
     21:00:34.343 AVAST engine scan C:\WINDOWS\system32\drivers
     21:00:45.812 File: C:\WINDOWS\system32\drivers\zuggdnqd.sys **INFECTED** Win32:Rootkit-gen [Rtk]
     21:00:46.796 AVAST engine scan C:\Documents and Settings\Administrator
     21:02:08.218 AVAST engine scan C:\Documents and Settings\All Users
     21:02:41.406 Scan finished successfully
     21:02:56.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
     21:02:56.640 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.30.06
     Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
     Internet Explorer 8.0.6001.18702
     Administrator :: TURKPUIGREAT [administrator]
     Protection: Disabled
     30/7/2555 21:03:40
     mbam-log-2012-07-30 (21-03-40).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 186363
     Time elapsed: 2 minute(s), 3 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 1
     C:\Program Files\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.
     Files Detected: 2
     C:\Documents and Settings\All Users\Application Data\COMMON.DATA (Malware.Trace) -> No action taken.
     C:\Program Files\Topckit\Topckit_2012.exe (PUP.Topckit) -> Quarantined and deleted successfully.
     (end)
  6. Hi Maniac, I can't perform the scan because my PC hangs with no movement. See the attached pictures. Thanks, Turk
  7. Here is DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Run by Administrator at 16:06:22 on 2012-07-30 Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.740 [GMT 7:00] . AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\LClock\LClock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\TuneUp Utilities 
2011\TuneUpUtilitiesApp32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe "C:\WINDOWS\system32\svchost.exe" C:\Program Files\Windows Media Player\wmplayer.exe D:\sofware\FSCapturePortable\FSCapturePortable.exe D:\sofware\FSCapturePortable\App\FSCapture\FSCapture.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.pudit.com/ uInternet Settings,ProxyOverride = *.local mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: AcroIEHelperStub: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - Adobe PDF Link Helper BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [LClock] c:\program files\lclock\LClock.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [VisualTooltip] c:\program files\utilities\visualtooltip\VisualToolTip.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE 
c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [<NO NAME>] mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun dRun: [LClock] c:\program files\lclock\LClock.exe dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\3.0.271\SSScheduler.exe dPolicies-explorer: NoSMHelp = 1 (0x1) IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html IE: Send to &Bluetooth Device... 
- c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306120888343 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306120862875 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://cctvbanchang.dyndns.org:81/AVC_AX_742.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 203.144.206.29 203.144.206.49 TCP: Interfaces\{B4F9DBA7-92D1-4CC4-A04E-E9F118EB5675} : DhcpNameServer = 203.144.206.29 203.144.206.49 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows 
Sidebar\sidebar.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\62haq9ke.default\ FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . 
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-20 11608] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-20 340136] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-20 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-20 269480] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-20 428200] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-20 66616] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-4 655944] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-4 22344] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064] S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [2011-6-29 101376] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056] S3 Agerpd;Agerpd; [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.271\McCHSvc.exe [2012-3-13 237272] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2011-7-29 9472] . =============== Created Last 30 ================ . 
2012-07-30 02:09:28 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan 2012-07-30 02:09:18 -------- d-----w- c:\program files\McAfee Security Scan 2012-07-08 00:26:50 43008 ----a-r- c:\windows\system32\drivers\rimsptsk.sys 2012-07-08 00:26:49 90112 ----a-r- c:\windows\system32\snymsico.dll . ==================== Find3M ==================== . 2012-07-28 02:05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-28 02:05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-03 06:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 08:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 08:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 08:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 08:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 08:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 08:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 08:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 08:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . 
============= FINISH: 16:07:09.76 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 18/5/2554 19:32:57 System Uptime: 30/7/2555 10:56:00 (6 hours ago) . Motherboard: Acer, Inc. | | Nestos Processor: Intel® Pentium® Dual CPU T2410 @ 2.00GHz | U2E1 | 1999/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 39 GiB total, 19.745 GiB free. D: is FIXED (NTFS) - 110 GiB total, 50.169 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Base System Device Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011D1025&REV_12\4&28718C8C&0&4AF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011D1025&REV_12\4&28718C8C&0&4AF0 Service: . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Base System Device Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_011D1025&REV_12\4&28718C8C&0&4CF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_011D1025&REV_12\4&28718C8C&0&4CF0 Service: . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Device ID: ACPI\WEC1023\4&7EDBEB0&0 Manufacturer: Name: PNP Device ID: ACPI\WEC1023\4&7EDBEB0&0 Service: . ==== System Restore Points =================== . RP272: 19/6/2555 7:58:02 - System Checkpoint RP273: 20/6/2555 9:19:12 - System Checkpoint RP274: 21/6/2555 10:03:23 - System Checkpoint RP275: 22/6/2555 10:27:19 - System Checkpoint RP276: 23/6/2555 10:37:17 - System Checkpoint RP277: 25/6/2555 9:33:55 - System Checkpoint RP278: 26/6/2555 10:15:20 - System Checkpoint RP279: 26/6/2555 13:36:27 - Removed Broadcom Gigabit Integrated Controller. RP280: 26/6/2555 13:52:18 - Installed Broadcom Gigabit Integrated Controller. 
RP281: 27/6/2555 19:01:00 - System Checkpoint RP282: 28/6/2555 5:32:21 - Software Distribution Service 3.0 RP283: 29/6/2555 6:23:01 - System Checkpoint RP284: 1/7/2555 8:17:17 - System Checkpoint RP285: 2/7/2555 8:57:24 - System Checkpoint RP286: 3/7/2555 10:24:05 - System Checkpoint RP287: 4/7/2555 10:25:26 - System Checkpoint RP288: 6/7/2555 18:08:00 - System Checkpoint RP289: 8/7/2555 8:05:04 - System Checkpoint RP290: 9/7/2555 8:08:41 - System Checkpoint RP291: 10/7/2555 14:40:55 - System Checkpoint RP292: 11/7/2555 16:49:17 - System Checkpoint RP293: 12/7/2555 20:28:00 - Software Distribution Service 3.0 RP294: 14/7/2555 10:47:22 - System Checkpoint RP295: 14/7/2555 12:49:26 - Software Distribution Service 3.0 RP296: 14/7/2555 12:57:34 - Software Distribution Service 3.0 RP297: 14/7/2555 12:59:21 - Software Distribution Service 3.0 RP298: 15/7/2555 14:27:56 - System Checkpoint RP299: 16/7/2555 15:19:14 - System Checkpoint RP300: 17/7/2555 17:29:46 - System Checkpoint RP301: 19/7/2555 15:22:07 - System Checkpoint RP302: 21/7/2555 10:16:09 - System Checkpoint RP303: 24/7/2555 8:17:32 - System Checkpoint RP304: 25/7/2555 10:13:36 - System Checkpoint RP305: 26/7/2555 12:24:10 - System Checkpoint RP306: 28/7/2555 10:07:53 - System Checkpoint RP307: 29/7/2555 14:23:46 - System Checkpoint . ==== Installed Programs ====================== . 
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS Adobe Reader X (10.1.3) Advanced GIF Animator 3.0 Agere Systems HDA Modem Apple Application Support Apple Mobile Device Support Apple Software Update Artisteer 2 Artisteer 3 Ask Toolbar Avira AntiVir Premium Bonjour Broadcom Driver v4.170.25.12_Foxconn Installation Program Broadcom Gigabit Integrated Controller Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn Camtasia Studio 5 Camtasia Studio 6 Camtasia Studio 7 Canon CanoScan Toolbox 4.1 Canon iP1900 series Printer Driver Canon iP2700 series Printer Driver Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CCleaner CPL All-in-One CutePDF Writer 2.8 Drive Space Indicator DVD Decrypter (Remove Only) eBook Pack Express 1.75 Build 20070830 FileZilla Client 3.5.3 Foxit Reader Funky Python Golf Clubmaking Software Google Chrome HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) Instant Video Articles v1.03 iTunes Java Auto Updater Java 6 Update 22 Java 6 Update 5 LClock Magic Article Rewriter Magic Article Submitter Magic Tokens Database Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Security Scan Plus Micro Niche Finder 5.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs 
Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Thai) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Thai) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (Thai) 2007 Microsoft Office InfoPath MUI (Thai) 2007 Microsoft Office OneNote MUI (Thai) 2007 Microsoft Office Outlook MUI (Thai) 2007 Microsoft Office PowerPoint MUI (Thai) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Thai) 2007 Microsoft Office Proofing (Thai) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Thai) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (Thai) 2007 Microsoft Office Word MUI (Thai) 2007 Microsoft Software Update for Web Folders (Thai) 12 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual J# 1.1 Redistributable Package Microsoft Visual J# 2.0 Redistributable Microsoft Visual J# 2.0 Redistributable Package Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) NVIDIA Drivers OmniPage SE OpenOffice.org 3.3 PADexpress v1.51 PADGen 3.1.1.50 PDF2EXE Pro 3.0.0.777 QuickTime Realtek High Definition Audio Driver Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 
32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media 
Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows 
XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for 
Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Software Update for Web Folders TextPad 5 TreePad Lite 4.3 Trojan Remover 6.8.2 TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) Unlocker 1.8.5 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update 
for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2345886) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VAIOXP VeryPDF PDF2Word v2.0 Vista Vista Drive Indicator! Vista System Properties WIDCOMM Bluetooth Software Windows Driver Package - Intel (NETw4x32) net (10/31/2007 11.5.0.34) Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) Windows Driver Package - Intel net (10/31/2007 11.5.0.34) Windows Genuine Advantage Notifications (KB905474) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Sidebar Windows XP Service Pack 3 WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
30/7/2555 9:27:50, error: nv [43] - The system sleep operation failed
28/7/2555 18:16:13, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E6891826D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
28/7/2555 11:31:47, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 44:6D:57:41:AF:7D. Network operations on this system may be disrupted as a result.
27/7/2555 9:31:29, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001E6891826D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
27/7/2555 8:10:38, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
27/7/2555 7:29:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
27/7/2555 7:27:57, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/7/2555 5:59:12, error: Service Control Manager [7000] - The zuggdnqd service failed to start due to the following error: Incorrect function.
24/7/2555 5:59:12, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
24/7/2555 5:58:03, error: Dhcp [1002] - The IP address lease 192.168.1.42 for the Network Card with network address 001E6891826D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================