Woke up one morning (05/04/11) after an update to find "Windows Security Center" asking for administrative permission; regrettably, I allowed it without thinking. My PC rebooted, and when it was back up it had caused massive problems with my PC. It had marked almost all of my documents and programs as hidden, removed my desktop background, was slowing my PC down massively, blocked use of Task Manager and was making a lot of scareware-style pop-ups asking for money to fix the problem. Long term it also gave me a Google redirect virus that I removed, although now it's back and I can't find it. And there is a hidden process that seems to be accessing websites in the background. I know this because I can hear them, but there is no process or application, and rarely I get "Internet Explorer script error". I leave these windows open, as it seems to disable the process for the rest of the session.
After a few days' work I managed to fix everything that was wrong apart from the Google redirects and the hidden Internet Explorer process. I currently have AVG and HijackThis on my PC and used MalwareBytes for the first time within the last few days; it removed 40 errors AVG hadn't found, including the Google redirector, but that is now back.
Notably my AVG -once- complained that there was a bad thread running inside my explorer.exe process, which is obviously system critical. I assume this is to do with the hidden browsing going on behind the curtains, although I could be wrong.
I have used AVG, HJT, Mbam, RUBOTTED, Rootkitbuster and CWSshredder so far; I think that is all.
The DDS logs:
DDS.txt:-
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Simon Harris at 16:40:27.54 on 01/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.510 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Simon Harris\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
mSearchURL = hxxp://www.Google.com/
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: 857060 helper: {6ccbafc1-5285-494f-93f1-6894c87a9c43} - 857060 Class
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a6acae64-f798-4930-ad86-bd3fb32038db} -
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - Windows Live Toolbar Helper
BHO: 1 (0x1) - No File
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: Protection Bar: {84938242-5c5b-4a55-b6b9-a1507543b418} -
TB: Internet Service: {254b87bb-510d-41fa-a887-52c5fa9be585} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\simonh~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d7050v5\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {0fe36c74-667b-454b-828e-75e4e72cbef8}: causes
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\simonh~1\applic~1\mozilla\firefox\profiles\evl7qoue.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox ... B:official
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_UK&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-9-28 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-5-1 54760]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-4-7 439632]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-9-28 238848]
S2 gb;gb;c:\windows\system32\svchost.exe -k netsvcs [2004-6-24 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\bt4501g.sys --> c:\windows\system32\drivers\BT4501G.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswmidin;jswmidin;\??\c:\docume~1\simonh~1\locals~1\temp\jswmidin.sys --> c:\docume~1\simonh~1\locals~1\temp\jswmidin.sys [?]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2008-11-19 30080]
S3 TMHidF;Thrustmaster FireStorm(TM) Wireless Gamepad HID Driver;c:\windows\system32\drivers\tmhidf.sys --> c:\windows\system32\drivers\TMHidF.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-6-24 14336]
.
=============== Created Last 30 ================
.
2011-05-01 10:41:59 -------- d-----w- c:\docume~1\simonh~1\applic~1\Windows Search
2011-05-01 10:11:18 -------- d-----w- c:\documents and settings\simon harris\Tracing
2011-05-01 10:09:59 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-05-01 10:08:43 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-01 10:07:23 -------- d-----w- c:\program files\Microsoft
2011-05-01 10:07:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-05-01 10:06:25 4927864 ----a-w- c:\program files\common files\windows live\.cache\6ded26801cc07e7\Silverlight.2.0.exe
2011-05-01 10:04:53 74520 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\DSETUP.dll
2011-05-01 10:04:53 484632 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\DXSETUP.exe
2011-05-01 10:04:53 1670936 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\dsetup32.dll
2011-05-01 10:04:36 1013800 ----a-w- c:\program files\common files\windows live\.cache\2d330f241cc07e7\WindowsXP-KB954708-x86-ENU.exe
2011-05-01 09:51:43 -------- d-----w- c:\program files\common files\Windows Live
2011-05-01 09:50:20 -------- d-----w- c:\windows\system32\winrm
2011-05-01 09:50:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-01 09:49:52 -------- d-----w- c:\docume~1\simonh~1\locals~1\applic~1\Identities
2011-05-01 09:49:48 -------- d-----w- c:\docume~1\simonh~1\applic~1\Windows Desktop Search
2011-05-01 09:49:13 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-01 09:49:13 -------- d-----w- c:\program files\Windows Desktop Search
2011-04-29 15:06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 14:29:27 -------- d-----w- c:\docume~1\simonh~1\applic~1\Malwarebytes
2011-04-29 14:29:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-28 02:02:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-26 20:10:53 53248 ----a-r- c:\docume~1\simonh~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-04-26 20:08:57 -------- d-----w- c:\program files\common files\LWS
2011-04-26 19:51:01 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-26 19:51:01 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-26 19:50:38 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-26 19:50:38 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-04-26 19:50:37 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-04-24 09:04:39 -------- d-----w- c:\program files\World of Warcraft
2011-04-24 09:04:39 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-04-24 09:03:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2011-04-07 21:06:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-04-07 15:05:23 -------- d-----w- c:\program files\WinPcap
2011-04-07 15:04:45 -------- d-----w- c:\program files\Trend Micro
2011-04-07 14:54:14 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-07 13:58:37 -------- d-----w- c:\program files\Bethesda Softworks
2011-04-07 12:22:32 -------- d-----w- c:\docume~1\simonh~1\applic~1\uTorrent
2011-04-06 19:06:31 -------- d-----w- c:\docume~1\simonh~1\applic~1\AVG
2011-04-06 14:57:58 -------- d--h--w- C:\$AVG
2011-04-06 14:53:22 -------- d-----w- c:\docume~1\simonh~1\applic~1\AVG10
2011-04-06 14:22:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-06 14:20:43 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-06 14:20:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-06 13:46:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-06 13:46:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-06 13:41:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-02 02:17:43 -------- d-----w- c:\docume~1\simonh~1\applic~1\Uzwi
.
==================== Find3M ====================
.
2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 16:41:01.62 ===============
Attach.txt:-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/06/2004 16:09:24
System Uptime: 01/05/2011 11:36:22 (5 hours ago)
.
Motherboard: | | SiS-661
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 478 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 65.309 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_1B101019&REV_10\3&61AAA01&1&70
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_1B101019&REV_10\3&61AAA01&1&70
Service: RTL8023
.
==== System Restore Points ===================
.
RP1034: 11/03/2011 03:00:18 - Software Distribution Service 3.0
RP1035: 12/03/2011 03:00:22 - Software Distribution Service 3.0
RP1036: 14/03/2011 07:05:16 - System Checkpoint
RP1037: 15/03/2011 07:14:44 - System Checkpoint
RP1038: 16/03/2011 08:02:44 - System Checkpoint
RP1039: 17/03/2011 08:26:43 - System Checkpoint
RP1040: 18/03/2011 09:22:40 - System Checkpoint
RP1041: 19/03/2011 10:22:39 - System Checkpoint
RP1042: 20/03/2011 10:58:39 - System Checkpoint
RP1043: 21/03/2011 11:22:38 - System Checkpoint
RP1044: 21/03/2011 13:53:52 - Installed %1 %2.
RP1045: 21/03/2011 13:53:57 - Printer Driver Microsoft XPS Document Writer Installed
RP1046: 22/03/2011 03:00:27 - Software Distribution Service 3.0
RP1047: 23/03/2011 03:00:24 - Software Distribution Service 3.0
RP1048: 23/03/2011 04:19:31 - Printer Driver Microsoft XPS Document Writer Installed
RP1049: 24/03/2011 03:00:21 - Software Distribution Service 3.0
RP1050: 25/03/2011 03:00:28 - Software Distribution Service 3.0
RP1051: 26/03/2011 03:00:24 - Software Distribution Service 3.0
RP1052: 27/03/2011 14:50:33 - System Checkpoint
RP1053: 30/03/2011 16:21:14 - System Checkpoint
RP1054: 01/04/2011 05:11:43 - System Checkpoint
RP1055: 02/04/2011 05:20:56 - System Checkpoint
RP1056: 03/04/2011 06:20:56 - System Checkpoint
RP1057: 04/04/2011 06:32:56 - System Checkpoint
RP1058: 05/04/2011 07:08:56 - System Checkpoint
RP1059: 05/04/2011 23:08:05 - Installed Morrowind
RP1060: 05/04/2011 23:10:54 - Removed TES Construction Set
RP1061: 05/04/2011 23:13:26 - Removed Morrowind
RP1062: 05/04/2011 23:14:47 - Installed Morrowind
RP1063: 06/04/2011 13:40:06 - Installed Java(TM) 6 Update 24
RP1064: 06/04/2011 14:45:18 - Restore Operation
RP1065: 06/04/2011 14:54:43 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1066: 06/04/2011 14:54:54 - Installed AVG 2011
RP1067: 06/04/2011 14:55:12 - Removed AVG Identity Protection.
RP1068: 06/04/2011 15:20:25 - Installed AVG 2011
RP1069: 06/04/2011 22:51:06 - Removed Icewind Dale II
RP1070: 06/04/2011 22:51:26 - Removed Icewind Dale II
RP1071: 06/04/2011 22:59:34 - Configured iPod for Windows 2006-06-28
RP1072: 07/04/2011 00:34:47 - Removed Age of Empires III
RP1073: 07/04/2011 00:36:38 - Removed Apple Mobile Device Support
RP1074: 07/04/2011 00:37:51 - Removed Apple Software Update
RP1075: 07/04/2011 00:38:21 - Removed Apple Application Support
RP1076: 07/04/2011 00:53:55 - Removed Severance: Blade of Darkness
RP1077: 07/04/2011 01:05:13 - Removed iTunes
RP1078: 07/04/2011 01:11:13 - Removed Java DB 10.2.2.0
RP1079: 07/04/2011 01:16:50 - Removed Ventrilo Server
RP1080: 07/04/2011 01:17:18 - Removed Ventrilo Client
RP1081: 07/04/2011 01:18:16 - Removed Windows Live Messenger
RP1082: 07/04/2011 01:19:42 - Removed Windows Live Sign-in Assistant
RP1083: 07/04/2011 01:20:20 - Removed Replay
RP1084: 07/04/2011 01:21:34 - Removed Java(TM) SE Development Kit 6 Update 2
RP1085: 07/04/2011 01:23:51 - Removed Java(TM) 6 Update 7
RP1086: 07/04/2011 01:24:38 - Removed Java(TM) 6 Update 2
RP1087: 07/04/2011 01:25:42 - Removed Java(TM) 6 Update 12
RP1088: 07/04/2011 01:28:51 - Removed Age of Empires III
RP1089: 07/04/2011 01:29:20 - Removed Microsoft Silverlight
RP1090: 07/04/2011 01:38:41 - Removed Bonjour
RP1091: 07/04/2011 13:25:14 - Removed Age of Empires III
RP1092: 07/04/2011 14:58:37 - Installed Morrowind
RP1093: 09/04/2011 00:56:55 - Installed Tribunal
RP1094: 09/04/2011 00:59:04 - Installed Tribunal
RP1095: 09/04/2011 01:05:55 - Installed Bloodmoon
RP1096: 09/04/2011 03:00:20 - Software Distribution Service 3.0
RP1097: 12/04/2011 02:19:48 - System Checkpoint
RP1098: 13/04/2011 03:41:26 - System Checkpoint
RP1099: 14/04/2011 12:13:43 - Software Distribution Service 3.0
RP1100: 15/04/2011 16:18:04 - System Checkpoint
RP1101: 15/04/2011 18:37:28 - RegZooka Safe Scan Backup
RP1102: 16/04/2011 20:43:52 - System Checkpoint
RP1103: 17/04/2011 21:31:01 - System Checkpoint
RP1104: 18/04/2011 21:31:07 - System Checkpoint
RP1105: 20/04/2011 01:55:43 - System Checkpoint
RP1106: 21/04/2011 02:02:21 - System Checkpoint
RP1107: 22/04/2011 12:17:42 - System Checkpoint
RP1108: 23/04/2011 17:21:38 - System Checkpoint
RP1109: 26/04/2011 23:41:57 - System Checkpoint
RP1110: 27/04/2011 23:57:35 - System Checkpoint
RP1111: 28/04/2011 03:00:16 - Software Distribution Service 3.0
RP1112: 29/04/2011 03:32:58 - System Checkpoint
RP1113: 30/04/2011 03:00:16 - Software Distribution Service 3.0
RP1114: 01/05/2011 03:20:30 - System Checkpoint
RP1115: 01/05/2011 10:44:20 - Software Distribution Service 3.0
RP1116: 01/05/2011 10:48:12 - Software Distribution Service 3.0
RP1117: 01/05/2011 12:09:56 - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP1118: 01/05/2011 12:13:40 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Setup
Adobe Shockwave Player 11
Adobe Update Manager CS3
Ask Toolbar
AVG 2011
AVG PC Tuneup 2011
Belkin Wireless G USB Adapter Software
Bonjour
CameraHelperMsi
erLT
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Morrowind
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Driver
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Samsung PC Studio 2.0 PIM & File Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Segoe UI
Skype Toolbars
Skype™ 5.1
Tabbed Browsing (Windows Live Toolbar)
TravianManager
Trend Micro RUBotted 2.0 Beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2492386)
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.1
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
29/04/2011 15:49:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
29/04/2011 15:49:09, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
29/04/2011 14:04:01, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 04030209, parameter4 e23f31c8.
28/04/2011 03:00:20, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
01/05/2011 12:10:08, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
01/05/2011 11:37:53, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
01/05/2011 11:37:21, error: Service Control Manager [7023] - The gb service terminated with the following error: The specified module could not be found.
01/05/2011 11:08:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
01/05/2011 11:08:00, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/05/2011 11:07:59, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Thanks.