Infected PC

  1. #1
    fraserma is offline Junior Member

    I received an email from an old contact today asking me to stop sending him spam emails. These are apparently being sent unknowingly from my personal email account. I am using Thunderbird (current version) as my email program, using Eset SmartSecurity for virus protection, running WinXP Pro. All software is current and up to date. I have run virus scan several times with nothing detected. Have run SpyBot and Malwarebytes. SpyBot found a few things, Malwarebytes found nothing. Not sure what to do next. Can you help please?

  2. #2
    broni is offline Senior Member
    Do you see those emails in your "Sent" folder?
    If not, then it's not your fault.
    Someone else's computer, which has your address in their address book, is infected.

  3. #3
    fraserma is offline Junior Member
    No I do not see anything in my sent items folder. I do however routinely see Message Delivery Failure notifications in my In Box. The email addresses that are targeted by these messages are old email accounts that no longer exist or were parts of old mail lists that I had. Those addresses appear with a "3c" in front of them. This is bizarre.

  4. #4
    broni is offline Senior Member
    If you want to....

    Please, complete all steps listed here: HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  5. #5
    fraserma is offline Junior Member
    More on this. I just logged into the Comcast Mail client through the Comcast website and voila, there are 196 items in the sent folder. None of these were initiated by me. What could this mean?

  6. #6
    broni is offline Senior Member
    Follow my previous reply.

  7. #7
    fraserma is offline Junior Member
    Ran the various tools as suggested. Here are the logs:

    MalwareBytes Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 6422

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/22/2011 7:45:26 PM
    mbam-log-2011-04-22 (19-45-26).txt

    Scan type: Quick scan
    Objects scanned: 156399
    Time elapsed: 3 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log:

    GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-04-22 21:44:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006a ST380013AS rev.3.05
    Running: bcqwrs3s.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\pxtdapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0x9CE0E610]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0x9CE0EC10]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0x9CE0E730]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0x9CE0E4B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0x9CE0E570]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0x9CE0E6D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0x9CE0E790]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0x9CE0E690]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0x9CE0E650]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0x9CE0E7D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0x9CE0E510]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0x9CE0E590]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0x9CE0E4D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0x9CE0E5D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0x9CE0E750]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB84F6000, 0x275B27, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA8EC1A80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[716] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1980] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

    ---- EOF - GMER 1.0.15 ----

    MBR Check Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000ffd

    Kernel Drivers (total 146):

    Processes (total 62):
    0 System Idle Process
    4 System
    680 C:\WINDOWS\system32\smss.exe
    740 csrss.exe
    776 C:\WINDOWS\system32\winlogon.exe
    820 C:\WINDOWS\system32\services.exe
    832 C:\WINDOWS\system32\lsass.exe
    1000 C:\WINDOWS\system32\ati2evxx.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1096 svchost.exe
    1136 C:\Program Files\Windows Defender\MsMpEng.exe
    1176 C:\WINDOWS\system32\svchost.exe
    1200 C:\Program Files\Ahead\InCD\incdsrv.exe
    1312 C:\WINDOWS\system32\ati2evxx.exe
    1392 svchost.exe
    1532 svchost.exe
    1708 C:\WINDOWS\system32\spoolsv.exe
    1784 svchost.exe
    1816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1844 C:\Program Files\Bonjour\mDNSResponder.exe
    1884 C:\Program Files\Executive Software\Diskeeper\DkService.exe
    1904 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    1956 C:\WINDOWS\system32\svchost.exe
    1980 C:\WINDOWS\system32\svchost.exe
    2020 C:\WINDOWS\system32\svchost.exe
    2044 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    196 C:\Program Files\Java\jre6\bin\jqs.exe
    236 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    268 C:\WINDOWS\system32\svchost.exe
    348 C:\WINDOWS\system32\svchost.exe
    368 C:\WINDOWS\system32\PnkBstrA.exe
    476 C:\WINDOWS\system32\svchost.exe
    528 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    620 C:\WINDOWS\system32\searchindexer.exe
    1044 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    1148 C:\WINDOWS\system32\wuauclt.exe
    1436 wmpnetwk.exe
    2204 <unknown>
    2428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2992 alg.exe
    3224 C:\WINDOWS\explorer.exe
    2400 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2576 C:\Program Files\Ahead\InCD\InCD.exe
    2572 C:\Program Files\Windows Defender\MSASCui.exe
    2588 C:\Program Files\ESET\ESET Smart Security\egui.exe
    2816 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    3032 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    3008 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3304 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3348 C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    3476 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4032 J:\Program Files\iTunes\iTunesHelper.exe
    4064 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2284 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3552 C:\Program Files\iPod\bin\iPodService.exe
    2116 C:\WINDOWS\system32\searchprotocolhost.exe
    2912 searchfilterhost.exe
    3200 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3512 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3860 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3316 C:\WINDOWS\system32\searchprotocolhost.exe
    2248 C:\Documents and Settings\Mark\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`3aea4e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`b17a4600 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000011`16a2b400 (NTFS)
    \\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x0000002b`32bf5e00 (NTFS)
    \\.\K: --> \\.\PhysicalDrive1 at offset 0x0000004f`d1c01e00 (NTFS)

    PhysicalDrive0 Model Number: ST380013AS, Rev: 3.05
    PhysicalDrive1 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0

    DDS Log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Mark at 22:13:47.85 on Fri 04/22/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1332 [GMT -5:00]
    .
    AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    J:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Mark\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://ph.yahoo.com
    mStart Page = hxxp://ph.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [InCD] "c:\program files\ahead\incd\InCD.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155665192975
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://aolsvc.aol.com/onlinegames/luxor/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\33k6r40x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://ph.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: j:\program files\itunes\mozilla plugins\npitunes.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\mark\application data\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [2010-6-28 1005312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-04-22 22:54:55 -------- d-----w- c:\program files\iPod
    2011-04-22 22:52:58 -------- d-----w- c:\program files\Bonjour
    2011-04-22 15:35:52 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{7674d647-52da-47ce-91d9-b30f02649211}\mpengine.dll
    2011-04-21 15:06:12 -------- d-----w- c:\docume~1\mark\locals~1\applic~1\Temp
    2011-04-16 01:39:18 -------- d-----w- c:\docume~1\mark\applic~1\Malwarebytes
    2011-04-16 01:39:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-16 01:39:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-16 01:39:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-16 01:39:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-16 00:41:19 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2011-04-16 00:41:19 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2011-04-16 00:41:19 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2011-04-16 00:41:17 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 1311 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 1239 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    ============= FINISH: 22:14:44.90 ===============


    Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/15/2006 12:19:24 PM
    System Uptime: 4/22/2011 907 PM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | M2NPV-VM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3006/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 45 GiB total, 16.085 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 5.779 GiB free.
    E: is FIXED (NTFS) - 18 GiB total, 6.616 GiB free.
    F: is FIXED (NTFS) - 6 GiB total, 4.906 GiB free.
    G: is CDROM ()
    I: is FIXED (NTFS) - 173 GiB total, 122.049 GiB free.
    J: is FIXED (NTFS) - 146 GiB total, 125.971 GiB free.
    K: is FIXED (NTFS) - 146 GiB total, 134.478 GiB free.
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1976: 4/16/2011 10:19:23 AM - System Checkpoint
    RP1977: 4/17/2011 10:39:06 AM - System Checkpoint
    RP1978: 4/18/2011 1:14:35 PM - System Checkpoint
    RP1979: 4/18/2011 6:29:01 PM - Removed Adobe Reader 8.2.6
    RP1980: 4/18/2011 6:29:52 PM - Installed Adobe Reader X (10.0.1).
    RP1981: 4/19/2011 3:15:08 PM - Software Distribution Service 3.0
    RP1982: 4/20/2011 3:16:02 PM - System Checkpoint
    RP1983: 4/21/2011 4:16:08 PM - System Checkpoint
    RP1984: 4/21/2011 10:33:06 PM - Software Distribution Service 3.0
    RP1985: 4/22/2011 10:35:50 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    6500_E709n
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AsusUpdate
    Athlon 64 Processor Driver
    ATI Catalyst Install Manager
    Bonjour
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CCScore
    Chinese Traditional Fonts Support For Adobe Reader 8
    Command & Conquer™ 4 Tiberian Twilight
    Command & Conquer™ Red Alert™ 3
    Command & Conquer™ Red Alert™ 3 Uprising
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dawn of War - Dark Crusade
    Dawn of War - Soulstorm
    Destination Component
    DeviceDiscovery
    Diskeeper Home Edition
    DocMgr
    DocProc
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EA Download Manager
    EPSON Printer Software
    ESET Smart Security
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Fax
    GameSpy Arcade
    GameSpy Comrade
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Earth
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB938759)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    HP Officejet 6500 E709 Series
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    InCD
    InterActual Player
    InterVideo WinDVD 4
    iSEEK AnswerWorks English Runtime
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Kodak EasyShare software
    Korean Fonts Support For Adobe Reader 8
    Linksys Wireless Manager
    Logitech MouseWare 9.79.1
    Luxor
    Luxor 2
    Luxor 3
    Luxor Mahjong
    Luxor: Amun Rising
    Luxor: Quest for the Afterlife
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.6.16)
    Mozilla Thunderbird (3.1.9)
    MSVCSetup
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    Nero 6
    NeroVision Express 2
    netbrdg
    Network
    Network Stumbler 0.4.0 (remove only)
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    NVIDIA Drivers
    OCR Software by I.R.I.S. 12.0
    OfotoXMI
    OGA Notifier 2.0.0048.0
    ProductContext
    PunkBuster Services
    Pure Networks Platform
    Quicken 2011
    QuickTime
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    Shop for HP Supplies
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    Sid Meier's Civilization V
    skin0001
    SKINXSDK
    SmartWebPrinting
    SolutionCenter
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    StarCraft II
    staticcr
    Status
    Steam
    Time Zone Data Update Tool for Microsoft Office Outlook
    Toolbox
    Torchlight
    Tracks Eraser Pro v3.1
    TrayApp
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VPRINTOL
    Warhammer 40,000: Dawn Of War - Gold Edition
    Warhammer 40,000: Dawn of War II
    Warhammer 40,000: Dawn of War II - Chaos Rising
    Warhammer® 40,000®: Dawn of War® II – Retribution™
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    WinDirStat 1.1.2
    Windows 7 Upgrade Advisor Beta
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WIRELESS
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/22/2011 7:57:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b0ba, parameter3 99087a00, parameter4 00000000.
    4/22/2011 7:25:09 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:09 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:08 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:08 PM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:08 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    4/22/2011 7:25:07 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:07 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:07 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:07 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:07 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    4/22/2011 7:25:07 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    4/22/2011 7:25:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/18/2011 12:38:59 PM, error: Service Control Manager [7038] - The Net Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/18/2011 12:38:59 PM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not start due to a logon failure.
    4/16/2011 9:26:51 AM, error: Dhcp [1002] - The IP address lease 192.168.1.9 for the Network Card with network address 00259CF89820 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/16/2011 9:26:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 00259CF89820 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/15/2011 3:12:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    4/15/2011 3:12:54 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/15/2011 3:12:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================


    Please advise next steps to take.

  8. #8
    broni is offline Senior Member
    Do NOT create a new topic just to post required logs.
    This time, I merged both topics.


    MBRCheck log is incomplete.
    Please, redo.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    fraserma is offline Junior Member
    Have tried running MBRCheck several times. Every time I run it my system locks up or I encounter a blue screen of death. The blue screen is indicating the following:

    A process or thread crucial to system operation has unexpectedly exited or terminated.

    ....

    Technical information:
    *** STOP: 0x000000F4 (0x00000003, 0X8A689850, 0x805D29B4)

    Here is the log that remained from MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000ffd

    Kernel Drivers (total 146):

    Processes (total 61):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`3aea4e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`b17a4600 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000011`16a2b400 (NTFS)
    \\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x0000002b`32bf5e00 (NTFS)
    \\.\K: --> \\.\PhysicalDrive1 at offset 0x0000004f`d1c01e00 (NTFS)

    PhysicalDrive0 Model Number: ST380013AS, Rev: 3.05
    PhysicalDrive1 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0

    I am going to run ComboFix as instructed and will post those results.

  10. #10
    broni is offline Senior Member
    Ok....
