Jump to content

Recommended Posts

Hello everyone!

I have a laptop running XP Media Center Edition without any recovery CD or for that matter no OS CD. Anyway, I've got some serious issues that I would appreciate some help with.

I ran Malwarebytes Anti-Malware 3 times (full scan) and it picked up *a lot* of malware. Initially, I couldn't even get MBAM to launch as it was killed shortly after it launched. I wasn't able to get to any other anti-malware sites, i.e., avg, avast, or even to my Windows Updates online. It's crazy. The one message I am getting at bootup is: "the maximum number of secrets that may be stored in a single system has been exceeded" + "the length and number of secrets is limited to satisfy United States....blah, blah". That particular one is an "svchost.exe" system error I have found but am unable to eradicate it. I am posting my HiJackThis and DDS.txt, Attach.txt in hopes someone can help me.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:40:13 PM, on 12/29/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Jinber-2010\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325200285578

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 5845 bytes

*******************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by Jinber-2010 at 16:42:10 on 2011-12-29

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1634 [GMT -8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Jinber-2010\Desktop\HijackThis.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NPSStartup]

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

dRunOnce: [RunNarrator] Narrator.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325200285578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 nwprovau

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-30 238952]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-30 36608]

S2 106;106;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

.

=============== Created Last 30 ================

.

2011-12-27 20:13:48 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-12-27 20:05:35 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-12-27 00:20:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-17 05:28:18 -------- d-----w- c:\documents and settings\all users\application data\NtiDvdCopy

2011-12-07 19:46:13 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-07 19:46:13 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-07 19:45:53 -------- d-----w- C:\f83c05504c1a89bbe1

2011-12-07 19:44:34 -------- d-----w- c:\program files\common files\xing shared

2011-12-07 19:40:08 -------- d-----w- c:\program files\SereneScreen

2011-12-07 19:31:12 -------- d-----w- c:\documents and settings\jinber-2010\local settings\application data\Temp

2011-12-07 19:31:04 -------- d-----w- c:\documents and settings\jinber-2010\local settings\application data\Real

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xB9228230]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A846AB8]

3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x890044A8]

\Driver\00004178[0x8A645790] -> IRP_MJ_CREATE -> 0xB9228230

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A86431B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 16:44:05.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/4/2010 6:52:52 PM

System Uptime: 12/29/2011 4:31:52 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0MG532

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 987/166mhz

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 987/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 105 GiB total, 85.681 GiB free.

D: is CDROM ()

E: is Removable

F: is FIXED (NTFS) - 7 GiB total, 6.449 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: BCM2045

Device ID: USB\VID_413C&PID_8126\5&353D527B&0&1

Manufacturer:

Name: BCM2045

PNP Device ID: USB\VID_413C&PID_8126\5&353D527B&0&1

Service:

.

==== System Restore Points ===================

.

RP1: 5/4/2010 7:05:27 PM - System Checkpoint

RP2: 5/4/2010 7:17:55 PM - higgy1

RP3: 5/5/2010 6:36:36 PM - Installed Broadcom 440x 10/100 Integrated Controller

RP4: 5/5/2010 6:37:48 PM - Installed Windows XP KB888111WXPSP2.

RP5: 5/5/2010 6:41:20 PM - Installed SigmaTel Audio

RP6: 5/5/2010 7:07:01 PM - Installed Adobe Reader 8

RP7: 5/5/2010 7:09:54 PM - Installed J2SE Runtime Environment 5.0 Update 6

RP8: 5/5/2010 7:25:02 PM - Installed NTI DVD-Maker

RP9: 5/7/2010 1:51:12 PM - System Checkpoint

RP10: 5/8/2010 2:47:43 PM - System Checkpoint

RP11: 5/13/2010 10:35:38 AM - avast! Free Antivirus Setup

RP12: 5/25/2010 9:06:25 PM - System Checkpoint

RP13: 5/27/2010 11:04:34 AM - System Checkpoint

RP14: 5/28/2010 5:01:25 PM - System Checkpoint

RP15: 5/29/2010 9:05:52 PM - System Checkpoint

RP16: 5/31/2010 11:31:39 AM - System Checkpoint

RP17: 6/1/2010 9:44:42 PM - System Checkpoint

RP18: 6/4/2010 4:57:56 PM - System Checkpoint

RP19: 6/6/2010 10:01:15 AM - System Checkpoint

RP20: 6/7/2010 3:10:32 PM - System Checkpoint

RP21: 6/9/2010 7:06:16 PM - System Checkpoint

RP22: 6/11/2010 8:13:52 PM - System Checkpoint

RP23: 6/12/2010 9:04:01 PM - System Checkpoint

RP24: 6/15/2010 3:02:01 PM - System Checkpoint

RP25: 6/16/2010 8:25:38 PM - System Checkpoint

RP26: 6/18/2010 3:33:41 PM - System Checkpoint

RP27: 6/19/2010 8:56:50 PM - System Checkpoint

RP28: 6/21/2010 9:39:56 PM - System Checkpoint

RP29: 6/22/2010 10:13:44 PM - System Checkpoint

RP30: 6/24/2010 3:06:38 PM - System Checkpoint

RP31: 6/26/2010 1:19:08 PM - System Checkpoint

RP32: 6/27/2010 7:15:17 PM - System Checkpoint

RP33: 6/28/2010 8:47:20 PM - System Checkpoint

RP34: 7/2/2010 6:37:50 PM - System Checkpoint

RP35: 7/3/2010 7:58:33 PM - System Checkpoint

RP36: 7/5/2010 3:57:48 PM - System Checkpoint

RP37: 7/8/2010 7:11:01 PM - System Checkpoint

RP38: 7/22/2010 6:21:53 PM - Software Distribution Service 3.0

RP39: 7/23/2010 12:33:27 AM - Software Distribution Service 3.0

RP40: 7/28/2010 3:43:45 PM - Software Distribution Service 3.0

RP41: 8/30/2010 4:30:32 PM - Installed Samsung New PC Studio

RP42: 8/31/2010 11:53:58 AM - Software Distribution Service 3.0

RP43: 9/1/2010 10:03:38 PM - Software Distribution Service 3.0

RP44: 9/5/2010 6:09:46 PM - Installed RegWork.

RP45: 9/19/2010 9:20:13 AM - Software Distribution Service 3.0

RP46: 9/19/2010 11:45:08 AM - Software Distribution Service 3.0

RP47: 9/19/2010 1:37:38 PM - Software Distribution Service 3.0

RP48: 9/19/2010 1:40:16 PM - Software Distribution Service 3.0

RP49: 9/19/2010 8:38:43 PM - avast! Free Antivirus Setup

RP50: 9/19/2010 9:18:09 PM - Removed RegWork.

RP51: 10/14/2010 4:34:25 PM - Software Distribution Service 3.0

RP52: 11/10/2010 10:13:29 AM - Software Distribution Service 3.0

RP53: 12/15/2010 4:11:02 PM - Software Distribution Service 3.0

RP54: 1/11/2011 11:48:36 PM - Software Distribution Service 3.0

RP55: 2/9/2011 11:15:34 PM - Software Distribution Service 3.0

RP56: 3/9/2011 5:45:06 AM - Software Distribution Service 3.0

RP57: 4/17/2011 10:41:27 PM - Software Distribution Service 3.0

RP58: 6/27/2011 5:13:40 PM - System Checkpoint

RP59: 8/15/2011 8:27:35 PM - Installed Java 6 Update 24

RP60: 9/13/2011 5:16:04 PM - Installed Windows XP KB932823-v3.

RP61: 9/16/2011 7:55:19 PM - Removed Adobe Reader 8

RP62: 11/15/2011 4:38:49 PM - Restore Operation

RP63: 11/15/2011 5:12:12 PM - Configured NTI Backup NOW! 4

RP64: 11/15/2011 5:12:42 PM - Configured NTI DriveBackup! 4

RP65: 11/15/2011 5:32:15 PM - Restore Operation

RP66: 11/15/2011 8:30:14 PM - Software Distribution Service 3.0

RP67: 11/15/2011 9:10:23 PM - Software Distribution Service 3.0

RP68: 11/15/2011 10:35:39 PM - Software Distribution Service 3.0

RP69: 11/16/2011 8:34:34 AM - Software Distribution Service 3.0

RP70: 11/17/2011 8:50:20 AM - Software Distribution Service 3.0

RP71: 11/17/2011 8:03:30 PM - Software Distribution Service 3.0

RP72: 11/19/2011 12:31:48 PM - Software Distribution Service 3.0

RP73: 11/20/2011 12:21:28 PM - Software Distribution Service 3.0

RP74: 11/20/2011 5:47:13 PM - Software Distribution Service 3.0

RP75: 11/21/2011 7:24:28 PM - Software Distribution Service 3.0

RP76: 11/22/2011 9:40:30 AM - Software Distribution Service 3.0

RP77: 11/22/2011 8:51:56 PM - Software Distribution Service 3.0

RP78: 11/23/2011 4:11:04 PM - Software Distribution Service 3.0

RP79: 11/25/2011 5:30:18 PM - Software Distribution Service 3.0

RP80: 11/26/2011 4:38:56 PM - Software Distribution Service 3.0

RP81: 11/27/2011 4:16:52 PM - Software Distribution Service 3.0

RP82: 11/27/2011 8:12:58 PM - Software Distribution Service 3.0

RP83: 11/27/2011 8:27:47 PM - Software Distribution Service 3.0

RP84: 11/28/2011 3:09:32 PM - Software Distribution Service 3.0

RP85: 11/29/2011 4:07:55 PM - Software Distribution Service 3.0

RP86: 12/2/2011 11:32:13 AM - Software Distribution Service 3.0

RP87: 12/2/2011 9:43:44 PM - Software Distribution Service 3.0

RP88: 12/3/2011 7:54:48 PM - Software Distribution Service 3.0

RP89: 12/4/2011 3:13:16 PM - Software Distribution Service 3.0

RP90: 12/5/2011 3:12:17 PM - Software Distribution Service 3.0

RP91: 12/6/2011 5:31:50 PM - Software Distribution Service 3.0

RP92: 12/7/2011 11:13:45 AM - Software Distribution Service 3.0

RP93: 12/7/2011 11:27:15 AM - Restore Operation

RP94: 12/27/2011 10:44:11 AM - Removed Ask Toolbar.

RP95: 12/27/2011 11:01:11 AM - Removed Adobe Reader 8

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

AutoUpdate

Broadcom 440x 10/100 Integrated Controller

Conexant HDA D110 MDC V.92 Modem

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterActual Player

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 24

Malwarebytes Anti-Malware version 1.60.0.1800

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIWA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

mWMI

mZConfig

NTI Backup NOW! 4

NTI DriveBackup! 4

NTI DVD-Maker

PowerDVD

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealUpgrade 1.1

SAMSUNG Android USB Modem Software

SAMSUNG Mobile Composite Device Software

Samsung Mobile Modem Device Software

SAMSUNG Mobile Modem Driver Set

SAMSUNG Mobile Modem V2 Software

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Download Driver Software

SAMSUNG Mobile USB Driver

SAMSUNG Mobile USB Modem 1.0 Software

Samsung Mobile USB Modem Device Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

SAMSUNG USB Mobile Device Software

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

SereneScreen Aquarium

SigmaTel Audio

Synaptics Pointing Device Driver

Update for Windows XP (KB898461)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VirtualCom driver

WebFldrs XP

Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Installer 3.1 (KB893803)

Windows XP Media Center Edition 2005 KB973768

WinZip

.

==== Event Viewer Messages From Past Week ========

.

12/29/2011 4:37:00 PM, error: System Error [1003] - Error code 100000c5, parameter1 0a13000c, parameter2 00000002, parameter3 00000001, parameter4 8054afd2.

12/29/2011 4:30:53 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88bcd000, parameter3 88bcd828, parameter4 1b050000.

12/29/2011 3:25:42 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88c95000, parameter3 88c95828, parameter4 1b050000.

12/29/2011 3:25:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® PROSet/Wireless Event Log service to connect.

12/29/2011 3:25:23 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless SSO Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

12/29/2011 3:25:23 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2011 5:17:44 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

12/28/2011 5:15:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

12/26/2011 5:20:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/26/2011 4:58:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

12/26/2011 4:07:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/26/2011 3:33:37 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error

12/26/2011 3:33:08 PM, error: Service Control Manager [7023] - The 106 service terminated with the following error: The specified procedure could not be found.

12/26/2011 3:33:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/24/2011 1:17:21 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2011BA0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

12/23/2011 8:41:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

I hope this helps!

Link to post
Share on other sites

Hi!

I finally ran Kaspersky's AntiRootKit Utility, and no more problems!

Hello everyone!

I have a laptop running XP Media Center Edition without any recovery CD or for that matter no OS CD. Anyway, I've got some serious issues that I would appreciate some help with.

I ran Malwarebytes Anti-Malware 3 times (full scan) and it picked up *a lot* of malware. Initially, I couldn't even get MBAM to launch as it was killed shortly after it launched. I wasn't able to get to any other anti-malware sites, i.e., avg, avast, or even to my Windows Updates online. It's crazy. The one message I am getting at bootup is: "the maximum number of secrets that may be stored in a single system has been exceeded" + "the length and number of secrets is limited to satisfy United States....blah, blah". That particular one is an "svchost.exe" system error I have found but am unable to eradicate it. I am posting my HiJackThis and DDS.txt, Attach.txt in hopes someone can help me.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:40:13 PM, on 12/29/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Jinber-2010\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325200285578

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 5845 bytes

*******************************************************

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by Jinber-2010 at 16:42:10 on 2011-12-29

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1634 [GMT -8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Jinber-2010\Desktop\HijackThis.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NPSStartup]

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

dRunOnce: [RunNarrator] Narrator.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325200285578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

LSA: Authentication Packages = msv1_0 nwprovau

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-30 238952]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-30 36608]

S2 106;106;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]

.

=============== Created Last 30 ================

.

2011-12-27 20:13:48 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-12-27 20:05:35 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-12-27 00:20:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-17 05:28:18 -------- d-----w- c:\documents and settings\all users\application data\NtiDvdCopy

2011-12-07 19:46:13 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-07 19:46:13 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-07 19:45:53 -------- d-----w- C:\f83c05504c1a89bbe1

2011-12-07 19:44:34 -------- d-----w- c:\program files\common files\xing shared

2011-12-07 19:40:08 -------- d-----w- c:\program files\SereneScreen

2011-12-07 19:31:12 -------- d-----w- c:\documents and settings\jinber-2010\local settings\application data\Temp

2011-12-07 19:31:04 -------- d-----w- c:\documents and settings\jinber-2010\local settings\application data\Real

.

==================== Find3M ====================

.

2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xB9228230]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A846AB8]

3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x890044A8]

\Driver\00004178[0x8A645790] -> IRP_MJ_CREATE -> 0xB9228230

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A86431B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 16:44:05.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/4/2010 6:52:52 PM

System Uptime: 12/29/2011 4:31:52 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0MG532

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 987/166mhz

Processor: Intel® Core2 CPU T5600 @ 1.83GHz | Microprocessor | 987/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 105 GiB total, 85.681 GiB free.

D: is CDROM ()

E: is Removable

F: is FIXED (NTFS) - 7 GiB total, 6.449 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: BCM2045

Device ID: USB\VID_413C&PID_8126\5&353D527B&0&1

Manufacturer:

Name: BCM2045

PNP Device ID: USB\VID_413C&PID_8126\5&353D527B&0&1

Service:

.

==== System Restore Points ===================

.

RP1: 5/4/2010 7:05:27 PM - System Checkpoint

RP2: 5/4/2010 7:17:55 PM - higgy1

RP3: 5/5/2010 6:36:36 PM - Installed Broadcom 440x 10/100 Integrated Controller

RP4: 5/5/2010 6:37:48 PM - Installed Windows XP KB888111WXPSP2.

RP5: 5/5/2010 6:41:20 PM - Installed SigmaTel Audio

RP6: 5/5/2010 7:07:01 PM - Installed Adobe Reader 8

RP7: 5/5/2010 7:09:54 PM - Installed J2SE Runtime Environment 5.0 Update 6

RP8: 5/5/2010 7:25:02 PM - Installed NTI DVD-Maker

RP9: 5/7/2010 1:51:12 PM - System Checkpoint

RP10: 5/8/2010 2:47:43 PM - System Checkpoint

RP11: 5/13/2010 10:35:38 AM - avast! Free Antivirus Setup

RP12: 5/25/2010 9:06:25 PM - System Checkpoint

RP13: 5/27/2010 11:04:34 AM - System Checkpoint

RP14: 5/28/2010 5:01:25 PM - System Checkpoint

RP15: 5/29/2010 9:05:52 PM - System Checkpoint

RP16: 5/31/2010 11:31:39 AM - System Checkpoint

RP17: 6/1/2010 9:44:42 PM - System Checkpoint

RP18: 6/4/2010 4:57:56 PM - System Checkpoint

RP19: 6/6/2010 10:01:15 AM - System Checkpoint

RP20: 6/7/2010 3:10:32 PM - System Checkpoint

RP21: 6/9/2010 7:06:16 PM - System Checkpoint

RP22: 6/11/2010 8:13:52 PM - System Checkpoint

RP23: 6/12/2010 9:04:01 PM - System Checkpoint

RP24: 6/15/2010 3:02:01 PM - System Checkpoint

RP25: 6/16/2010 8:25:38 PM - System Checkpoint

RP26: 6/18/2010 3:33:41 PM - System Checkpoint

RP27: 6/19/2010 8:56:50 PM - System Checkpoint

RP28: 6/21/2010 9:39:56 PM - System Checkpoint

RP29: 6/22/2010 10:13:44 PM - System Checkpoint

RP30: 6/24/2010 3:06:38 PM - System Checkpoint

RP31: 6/26/2010 1:19:08 PM - System Checkpoint

RP32: 6/27/2010 7:15:17 PM - System Checkpoint

RP33: 6/28/2010 8:47:20 PM - System Checkpoint

RP34: 7/2/2010 6:37:50 PM - System Checkpoint

RP35: 7/3/2010 7:58:33 PM - System Checkpoint

RP36: 7/5/2010 3:57:48 PM - System Checkpoint

RP37: 7/8/2010 7:11:01 PM - System Checkpoint

RP38: 7/22/2010 6:21:53 PM - Software Distribution Service 3.0

RP39: 7/23/2010 12:33:27 AM - Software Distribution Service 3.0

RP40: 7/28/2010 3:43:45 PM - Software Distribution Service 3.0

RP41: 8/30/2010 4:30:32 PM - Installed Samsung New PC Studio

RP42: 8/31/2010 11:53:58 AM - Software Distribution Service 3.0

RP43: 9/1/2010 10:03:38 PM - Software Distribution Service 3.0

RP44: 9/5/2010 6:09:46 PM - Installed RegWork.

RP45: 9/19/2010 9:20:13 AM - Software Distribution Service 3.0

RP46: 9/19/2010 11:45:08 AM - Software Distribution Service 3.0

RP47: 9/19/2010 1:37:38 PM - Software Distribution Service 3.0

RP48: 9/19/2010 1:40:16 PM - Software Distribution Service 3.0

RP49: 9/19/2010 8:38:43 PM - avast! Free Antivirus Setup

RP50: 9/19/2010 9:18:09 PM - Removed RegWork.

RP51: 10/14/2010 4:34:25 PM - Software Distribution Service 3.0

RP52: 11/10/2010 10:13:29 AM - Software Distribution Service 3.0

RP53: 12/15/2010 4:11:02 PM - Software Distribution Service 3.0

RP54: 1/11/2011 11:48:36 PM - Software Distribution Service 3.0

RP55: 2/9/2011 11:15:34 PM - Software Distribution Service 3.0

RP56: 3/9/2011 5:45:06 AM - Software Distribution Service 3.0

RP57: 4/17/2011 10:41:27 PM - Software Distribution Service 3.0

RP58: 6/27/2011 5:13:40 PM - System Checkpoint

RP59: 8/15/2011 8:27:35 PM - Installed Java 6 Update 24

RP60: 9/13/2011 5:16:04 PM - Installed Windows XP KB932823-v3.

RP61: 9/16/2011 7:55:19 PM - Removed Adobe Reader 8

RP62: 11/15/2011 4:38:49 PM - Restore Operation

RP63: 11/15/2011 5:12:12 PM - Configured NTI Backup NOW! 4

RP64: 11/15/2011 5:12:42 PM - Configured NTI DriveBackup! 4

RP65: 11/15/2011 5:32:15 PM - Restore Operation

RP66: 11/15/2011 8:30:14 PM - Software Distribution Service 3.0

RP67: 11/15/2011 9:10:23 PM - Software Distribution Service 3.0

RP68: 11/15/2011 10:35:39 PM - Software Distribution Service 3.0

RP69: 11/16/2011 8:34:34 AM - Software Distribution Service 3.0

RP70: 11/17/2011 8:50:20 AM - Software Distribution Service 3.0

RP71: 11/17/2011 8:03:30 PM - Software Distribution Service 3.0

RP72: 11/19/2011 12:31:48 PM - Software Distribution Service 3.0

RP73: 11/20/2011 12:21:28 PM - Software Distribution Service 3.0

RP74: 11/20/2011 5:47:13 PM - Software Distribution Service 3.0

RP75: 11/21/2011 7:24:28 PM - Software Distribution Service 3.0

RP76: 11/22/2011 9:40:30 AM - Software Distribution Service 3.0

RP77: 11/22/2011 8:51:56 PM - Software Distribution Service 3.0

RP78: 11/23/2011 4:11:04 PM - Software Distribution Service 3.0

RP79: 11/25/2011 5:30:18 PM - Software Distribution Service 3.0

RP80: 11/26/2011 4:38:56 PM - Software Distribution Service 3.0

RP81: 11/27/2011 4:16:52 PM - Software Distribution Service 3.0

RP82: 11/27/2011 8:12:58 PM - Software Distribution Service 3.0

RP83: 11/27/2011 8:27:47 PM - Software Distribution Service 3.0

RP84: 11/28/2011 3:09:32 PM - Software Distribution Service 3.0

RP85: 11/29/2011 4:07:55 PM - Software Distribution Service 3.0

RP86: 12/2/2011 11:32:13 AM - Software Distribution Service 3.0

RP87: 12/2/2011 9:43:44 PM - Software Distribution Service 3.0

RP88: 12/3/2011 7:54:48 PM - Software Distribution Service 3.0

RP89: 12/4/2011 3:13:16 PM - Software Distribution Service 3.0

RP90: 12/5/2011 3:12:17 PM - Software Distribution Service 3.0

RP91: 12/6/2011 5:31:50 PM - Software Distribution Service 3.0

RP92: 12/7/2011 11:13:45 AM - Software Distribution Service 3.0

RP93: 12/7/2011 11:27:15 AM - Restore Operation

RP94: 12/27/2011 10:44:11 AM - Removed Ask Toolbar.

RP95: 12/27/2011 11:01:11 AM - Removed Adobe Reader 8

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

AutoUpdate

Broadcom 440x 10/100 Integrated Controller

Conexant HDA D110 MDC V.92 Modem

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Google Chrome

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterActual Player

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 24

Malwarebytes Anti-Malware version 1.60.0.1800

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIWA

mLogView

mMHouse

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mWlsSafe

mWMI

mZConfig

NTI Backup NOW! 4

NTI DriveBackup! 4

NTI DVD-Maker

PowerDVD

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealUpgrade 1.1

SAMSUNG Android USB Modem Software

SAMSUNG Mobile Composite Device Software

Samsung Mobile Modem Device Software

SAMSUNG Mobile Modem Driver Set

SAMSUNG Mobile Modem V2 Software

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Download Driver Software

SAMSUNG Mobile USB Driver

SAMSUNG Mobile USB Modem 1.0 Software

Samsung Mobile USB Modem Device Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

SAMSUNG USB Mobile Device Software

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

SereneScreen Aquarium

SigmaTel Audio

Synaptics Pointing Device Driver

Update for Windows XP (KB898461)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VirtualCom driver

WebFldrs XP

Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Installer 3.1 (KB893803)

Windows XP Media Center Edition 2005 KB973768

WinZip

.

==== Event Viewer Messages From Past Week ========

.

12/29/2011 4:37:00 PM, error: System Error [1003] - Error code 100000c5, parameter1 0a13000c, parameter2 00000002, parameter3 00000001, parameter4 8054afd2.

12/29/2011 4:30:53 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88bcd000, parameter3 88bcd828, parameter4 1b050000.

12/29/2011 3:25:42 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88c95000, parameter3 88c95828, parameter4 1b050000.

12/29/2011 3:25:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® PROSet/Wireless Event Log service to connect.

12/29/2011 3:25:23 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless SSO Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

12/29/2011 3:25:23 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2011 5:17:44 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

12/28/2011 5:15:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

12/26/2011 5:20:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/26/2011 4:58:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

12/26/2011 4:07:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/26/2011 3:33:37 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error

12/26/2011 3:33:08 PM, error: Service Control Manager [7023] - The 106 service terminated with the following error: The specified procedure could not be found.

12/26/2011 3:33:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/24/2011 1:17:21 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2011BA0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

12/23/2011 8:41:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

I hope this helps!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.