My problems began as a browser hijack. Then, after I thought I had cleared that up by buying their software ("antimalware something"), the XP security virus thing took over. Now the computer powers down at will, and when I try to Google anything I am redirected to weird websites. Further, I am unable to get the computer to boot up for long periods of time.
I have attached the DDS text log and the attach text log. I hope I have followed all the instructions properly to get help.
I'm not a great computer person, so please bear with me and please help me.
Thanks in advance & best regards,
b2thej1

DDS text:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ABC STUDENT at 12:56:33.64 on Sun 04/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1070 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k itlsvc
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\env.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ABC STUDENT\My Documents\Downloads\dds.scr
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.jzip.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110423004836.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Browser protection: {fb9ffb4b-9680-4256-8178-5ecdb2c19b23} - c:\progra~1\spynom~1\SNMIEG~1.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [arg70techsdk.exe] c:\documents and settings\abc student\application data\f82f01b0682a4e0ca7f43f487e30b41a\arg70techsdk.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [ImgTask] c:\windows\Imgtask.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Jtajozili] rundll32.exe "c:\windows\iviqicox.dll",Startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [MRtPNAFMRSnT] c:\documents and settings\all users\application data\MRtPNAFMRSnT.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\abcstu~1\startm~1\programs\startup\antima~1.lnk - c:\documents and settings\abc student\application data\f82f01b0682a4e0ca7f43f487e30b41a\arg70techsdk.exe
StartupFolder: c:\docume~1\abcstu~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Notify: lonerty - c:\documents and settings\localservice\local settings\application data\lonerty.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\abcstu~1\applic~1\mozilla\firefox\profiles\uq02s0i7.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\abc student\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\abc student\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\abc student\application data\mozilla\firefox\profiles\uq02s0i7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {44CFD17F-A308-4B13-B326-93402B0665F2} - c:\documents and settings\abc student\local settings\application data\{44CFD17F-A308-4B13-B326-93402B0665F2}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\abc student\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-1-14 3456]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-4-23 84072]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-10 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-23 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-4-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-4-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-4-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-22 141792]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-4-23 55840]
R3 EraserUtilDrvI10;EraserUtilDrvI10;c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [2011-4-15 102448]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-4-23 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-4-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-4-23 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-4-23 88544]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110415.002\naveng.sys [2011-4-15 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110415.002\navex15.sys [2011-4-15 1393144]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-4-23 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-4-23 84264]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-12 14424]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
.
=============== File Associations ===============
.
exefile="c:\documents and settings\networkservice\local settings\application data\sqd.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-04-23 19:03:24 -------- d-sh--w- c:\documents and settings\abc student\IECompatCache
2011-04-23 05:48:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-04-23 05:48:34 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-23 05:48:23 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-23 05:48:23 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-23 05:48:23 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-23 05:48:23 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-23 05:48:22 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-23 05:48:22 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-23 05:48:22 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-23 05:48:14 -------- d-----w- c:\program files\common files\Mcafee
2011-04-23 05:48:13 -------- dc----w- c:\program files\McAfee.com
2011-04-23 05:47:48 -------- dc----w- c:\program files\McAfee
2011-04-23 00:15:56 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-22 02:09:28 -------- dc----w- c:\program files\DVDFab 8
2011-04-21 12:16:47 529466 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-21 07:37:36 569344 ---ha-w- c:\docume~1\alluse~1\applic~1\MRtPNAFMRSnT.exe
2011-04-21 06:09:54 -------- d--h--w- c:\windows\system32\Adobe
2011-04-21 06:03:55 53248 -c-ha-w- c:\windows\system32\6to4v32.dll
2011-04-21 06:03:52 34816 ---ha-w- c:\windows\system32\itlnfw32.dll
2011-04-21 06:03:52 215552 ---ha-w- c:\windows\system32\itlpfw32.dll
2011-04-20 23:40:55 0 -c-ha-w- c:\windows\Fpemita.bin
2011-04-20 23:40:54 -------- d--h--w- c:\docume~1\abcstu~1\locals~1\applic~1\{44CFD17F-A308-4B13-B326-93402B0665F2}
2011-04-20 23:40:25 -------- d--h--w- c:\docume~1\abcstu~1\applic~1\F82F01B0682A4E0CA7F43F487E30B41A
.
==================== Find3M ====================
.
2011-04-24 17:51:26 17408 ---ha-w- c:\windows\system32\rpcnetp.dll
2011-04-24 17:51:24 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-24 17:26:41 17408 ---ha-w- c:\windows\system32\rpcnetp.exe
2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2011-02-15 20:33:42 34816 ---ha-w- c:\windows\system32\identprv.dll
2011-02-15 12:56:39 290432 ---ha-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ---ha-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ---ha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2009-03-27 21:46:45 2869536 -c-ha-w- c:\program files\spywareblastersetup41.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541660J9SA00 rev.SBBOC7KP -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A6534F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6597d0]; MOV EAX, [0x8a65984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A63BAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A592CE8]
\Driver\atapi[0x8A5E9A78] -> IRP_MJ_CREATE -> 0x8A6534F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A65333B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:59:21.73 ===============
Attach text:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2008 2:39:33 PM
System Uptime: 4/24/2011 12:49:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WY383
Processor: Mobile AMD Sempron(tm) Processor 3600+ | Socket M2/S1G1 | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 23.845 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP662: 1/21/2011 7:43:57 PM - System Checkpoint
RP663: 1/22/2011 8:11:56 PM - System Checkpoint
RP664: 1/23/2011 8:31:13 PM - System Checkpoint
RP665: 1/24/2011 8:40:27 PM - System Checkpoint
RP666: 1/25/2011 9:31:14 PM - System Checkpoint
RP667: 1/26/2011 10:43:11 PM - System Checkpoint
RP668: 1/27/2011 11:31:14 PM - System Checkpoint
RP669: 1/29/2011 12:43:46 AM - System Checkpoint
RP670: 1/30/2011 1:31:14 AM - System Checkpoint
RP671: 1/31/2011 2:31:14 AM - System Checkpoint
RP672: 2/1/2011 3:31:11 AM - System Checkpoint
RP673: 2/2/2011 4:32:17 AM - System Checkpoint
RP674: 2/3/2011 4:32:29 AM - System Checkpoint
RP675: 2/4/2011 5:32:28 AM - System Checkpoint
RP676: 2/5/2011 6:32:31 AM - System Checkpoint
RP677: 2/6/2011 7:32:30 AM - System Checkpoint
RP678: 2/7/2011 8:32:30 AM - System Checkpoint
RP679: 2/8/2011 9:32:29 AM - System Checkpoint
RP680: 2/9/2011 3:00:16 AM - Software Distribution Service 3.0
RP681: 2/10/2011 3:26:08 AM - System Checkpoint
RP682: 2/11/2011 4:26:04 AM - System Checkpoint
RP683: 2/12/2011 4:50:38 AM - System Checkpoint
RP684: 2/13/2011 5:26:06 AM - System Checkpoint
RP685: 2/15/2011 8:56:48 PM - System Checkpoint
RP686: 2/16/2011 9:33:07 PM - System Checkpoint
RP687: 2/17/2011 10:18:23 PM - System Checkpoint
RP688: 2/18/2011 11:17:29 PM - System Checkpoint
RP689: 2/19/2011 11:33:39 PM - System Checkpoint
RP690: 2/21/2011 12:14:02 AM - System Checkpoint
RP691: 2/22/2011 1:14:02 AM - System Checkpoint
RP692: 2/23/2011 2:14:02 AM - System Checkpoint
RP693: 2/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP694: 2/25/2011 3:22:27 AM - System Checkpoint
RP695: 2/26/2011 4:22:28 AM - System Checkpoint
RP696: 2/27/2011 5:22:27 AM - System Checkpoint
RP697: 2/28/2011 6:22:28 AM - System Checkpoint
RP698: 3/1/2011 7:22:29 AM - System Checkpoint
RP699: 3/2/2011 8:22:27 AM - System Checkpoint
RP700: 3/3/2011 8:33:47 AM - System Checkpoint
RP701: 3/4/2011 9:33:45 AM - System Checkpoint
RP702: 3/5/2011 10:33:45 AM - System Checkpoint
RP703: 3/6/2011 12:15:14 PM - System Checkpoint
RP704: 3/7/2011 12:33:45 PM - System Checkpoint
RP705: 3/8/2011 1:33:46 PM - System Checkpoint
RP706: 3/9/2011 1:46:09 PM - System Checkpoint
RP707: 3/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP708: 3/11/2011 3:46:08 AM - System Checkpoint
RP709: 3/12/2011 4:46:05 AM - System Checkpoint
RP710: 3/13/2011 2:16:28 PM - System Checkpoint
RP711: 3/14/2011 2:42:20 PM - System Checkpoint
RP712: 3/15/2011 3:42:22 PM - System Checkpoint
RP713: 3/16/2011 4:42:22 PM - System Checkpoint
RP714: 3/17/2011 5:42:22 PM - System Checkpoint
RP715: 3/18/2011 6:42:22 PM - System Checkpoint
RP716: 3/19/2011 6:56:52 PM - System Checkpoint
RP717: 3/20/2011 7:42:23 PM - System Checkpoint
RP718: 3/21/2011 10:13:20 PM - System Checkpoint
RP719: 3/22/2011 10:42:22 PM - System Checkpoint
RP720: 3/23/2011 11:42:22 PM - System Checkpoint
RP721: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP722: 3/25/2011 3:42:22 AM - System Checkpoint
RP723: 3/26/2011 4:42:21 AM - System Checkpoint
RP724: 3/27/2011 4:45:49 AM - System Checkpoint
RP725: 3/28/2011 5:45:48 AM - System Checkpoint
RP726: 3/29/2011 6:45:49 AM - System Checkpoint
RP727: 3/30/2011 7:45:46 AM - System Checkpoint
RP728: 3/31/2011 8:58:50 AM - System Checkpoint
RP729: 4/1/2011 9:45:47 AM - System Checkpoint
RP730: 4/2/2011 9:58:51 AM - System Checkpoint
RP731: 4/3/2011 11:29:22 AM - System Checkpoint
RP732: 4/4/2011 11:57:16 AM - System Checkpoint
RP733: 4/5/2011 12:57:18 PM - System Checkpoint
RP734: 4/6/2011 1:57:18 PM - System Checkpoint
RP735: 4/7/2011 2:57:18 PM - System Checkpoint
RP736: 4/8/2011 3:57:18 PM - System Checkpoint
RP737: 4/9/2011 4:57:16 PM - System Checkpoint
RP738: 4/10/2011 7:59:30 PM - System Checkpoint
RP739: 4/11/2011 10:14:55 PM - System Checkpoint
RP740: 4/12/2011 10:57:18 PM - System Checkpoint
RP741: 4/13/2011 11:57:16 PM - System Checkpoint
RP742: 4/15/2011 12:57:17 AM - System Checkpoint
RP743: 4/16/2011 2:22:20 AM - System Checkpoint
RP744: 4/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP745: 4/17/2011 3:30:48 AM - System Checkpoint
RP746: 4/18/2011 3:35:21 AM - System Checkpoint
RP747: 4/19/2011 4:35:20 AM - System Checkpoint
RP748: 4/20/2011 5:35:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
1Click DVD Copy 5.8.4.0
AAC Decoder
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Shockwave Player 11.5
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
Bicycle Card Games
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell Support Center
Dell Wireless WLAN Card
Digital Line Detect
DirectVobSub (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 8.0.8.5 (19/03/2011)
eBay Icon
FormatFactory 2.20
Google Toolbar for Internet Explorer
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
ISI ResearchSoft - Export Helper
Java Auto Updater
Java(TM) 6 Update 21
jZip
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
Modem Diagnostic Tool
Motorola Driver Installation 3.7.0
Move Media Player
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 8 Essentials
neroxml
Netflix Movie Viewer
NetWaiting
Octoshape add-in for Adobe Flash Player
PeerBlock 1.0.0 (r181)
QuickSet
Revo Uninstaller 1.89
Rio Internet Update
Rio Music Manager
Rosetta Stone Ltd Services
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpyNoMore 2.67
SpywareGuard v2.2
StreamPlug Player 2.3.0
Sun Download Manager 2.0 (web)
Symantec AntiVirus
TBS WMP Plug-in
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.1
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
Xilisoft AVI to DVD Converter
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/24/2011 9:40:41 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 001644783AA4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/24/2011 12:54:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
4/24/2011 12:13:41 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McShield service, but this action failed with the following error: An instance of the service is already running.
4/23/2011 9:17:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/23/2011 9:17:37 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2011 8:31:33 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/23/2011 6:50:14 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/23/2011 12:03:44 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/23/2011 12:03:19 AM, error: SRService [104] - The System Restore initialization process failed.
4/23/2011 10:22:26 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McAfee SiteAdvisor Service service.
4/23/2011 1:18:25 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file volsnap.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
4/22/2011 5:55:26 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
4/22/2011 11:57:15 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/21/2011 8:07:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.17 for the Network Card with network address 001644783AA4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/21/2011 7:48:43 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/21/2011 7:47:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
.
==== End Of File ===========================