Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Browser redirect / possible trojan or malware

 
cough
Junior Member


Joined: 20 Jul 2012
Last Visit: 25 Jul 2012
Posts: 11

Posted: Fri Jul 20, 2012 8:17 pm

Hello. I am a first-time poster. When clicking on a search result from Google or Yahoo search, my browser redirects me to some other site than requested.

The DDS logs are attached. Thanks for all your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by ADMIN at 23:53:27 on 2012-07-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1176 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\aswMBR.exe
C:\Documents and Settings\ADMIN\My Documents\Downloads\OTL.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\admin\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dmoint] rundll32.exe
mRun: [isvpkr] "c:\windows\system32\rundll32.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\magicj~1.lnk - c:\documents and settings\admin\application data\mjusbsp\magicJackLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270777262124
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36BCE01F-3DF2-4D42-A84A-56A9CC575098} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\h9atrq7s.default\
FF - prefs.js: browser.search.selectedEngine - weather.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\h9atrq7s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-18 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-18 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-18 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-18 66616]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-11 315392]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-19 218688]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys --> c:\windows\system32\drivers\lgandbus.sys [?]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys --> c:\windows\system32\drivers\lganddiag.sys [?]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys --> c:\windows\system32\drivers\lgandgps.sys [?]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys --> c:\windows\system32\drivers\lgandmodem.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2012-07-21 02:07:11 -------- d-----w- c:\windows\pss
2012-07-18 04:45:13 -------- d-----w- c:\documents and settings\admin\application data\Windows Search
2012-07-12 13:37:57 -------- d-----w- c:\documents and settings\admin\local settings\application data\{C97142EE-CC26-11E1-8270-B8AC6F996F26}
2012-07-04 02:12:35 -------- d-----w- c:\documents and settings\admin\local settings\application data\Identities
2012-07-04 02:11:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-04 02:11:29 -------- d-----w- c:\program files\Windows Desktop Search
2012-07-01 12:40:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-07-13 02:22:10 59 ----a-w- c:\windows\wpd99.drv
2012-07-01 12:30:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 12:30:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 04:25:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-27 04:25:29 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-27 04:25:29 472864 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A1314B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a13893c]; MOV EAX, [0x8a138ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A5F2AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A1AEF18]
\Driver\atapi[0x8A648B10] -> IRP_MJ_CREATE -> 0x8A1314B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1312E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:54:41.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2010 6:18:02 PM
System Uptime: 7/20/2012 10:11:29 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WF810
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2990/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 46.544 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP374: 5/6/2012 11:50:31 PM - System Checkpoint
RP375: 5/7/2012 11:58:27 PM - System Checkpoint
RP376: 5/9/2012 12:58:26 AM - System Checkpoint
RP377: 5/10/2012 1:58:27 AM - System Checkpoint
RP378: 5/11/2012 2:58:27 AM - System Checkpoint
RP379: 5/12/2012 3:58:26 AM - System Checkpoint
RP380: 5/13/2012 3:58:31 AM - System Checkpoint
RP381: 5/14/2012 4:58:31 AM - System Checkpoint
RP382: 5/15/2012 5:58:32 AM - System Checkpoint
RP383: 5/16/2012 6:23:23 AM - System Checkpoint
RP384: 5/17/2012 7:23:23 AM - System Checkpoint
RP385: 5/18/2012 8:41:38 AM - System Checkpoint
RP386: 5/19/2012 9:26:01 AM - System Checkpoint
RP387: 5/20/2012 9:27:08 AM - System Checkpoint
RP388: 5/21/2012 10:23:28 AM - System Checkpoint
RP389: 5/22/2012 11:23:28 AM - System Checkpoint
RP390: 5/23/2012 12:23:28 PM - System Checkpoint
RP391: 5/24/2012 1:23:29 PM - System Checkpoint
RP392: 5/25/2012 2:23:28 PM - System Checkpoint
RP393: 5/26/2012 3:23:29 PM - System Checkpoint
RP394: 5/27/2012 5:06:35 PM - System Checkpoint
RP395: 5/28/2012 5:23:28 PM - System Checkpoint
RP396: 5/29/2012 5:52:09 PM - System Checkpoint
RP397: 5/30/2012 6:11:37 PM - System Checkpoint
RP398: 5/31/2012 7:11:37 PM - System Checkpoint
RP399: 6/1/2012 8:11:37 PM - System Checkpoint
RP400: 6/2/2012 9:38:01 PM - System Checkpoint
RP401: 6/3/2012 10:11:37 PM - System Checkpoint
RP402: 6/4/2012 8:22:48 PM - Installed OTC Scanning Suite
RP403: 6/5/2012 9:11:37 PM - System Checkpoint
RP404: 6/6/2012 9:11:50 PM - System Checkpoint
RP405: 6/7/2012 10:11:50 PM - System Checkpoint
RP406: 6/8/2012 8:59:28 PM - Installed OTC Scanning Suite
RP407: 6/9/2012 9:11:50 PM - System Checkpoint
RP408: 6/10/2012 10:11:51 PM - System Checkpoint
RP409: 6/11/2012 11:11:50 PM - System Checkpoint
RP410: 6/13/2012 12:43:33 AM - System Checkpoint
RP411: 6/14/2012 2:18:20 AM - System Checkpoint
RP412: 6/15/2012 2:38:14 AM - System Checkpoint
RP413: 6/16/2012 3:38:14 AM - System Checkpoint
RP414: 6/17/2012 4:38:14 AM - System Checkpoint
RP415: 6/18/2012 5:38:15 AM - System Checkpoint
RP416: 6/19/2012 6:38:15 AM - System Checkpoint
RP417: 6/20/2012 7:38:14 AM - System Checkpoint
RP418: 6/21/2012 7:38:25 AM - System Checkpoint
RP419: 6/22/2012 8:43:25 AM - System Checkpoint
RP420: 6/23/2012 9:38:25 AM - System Checkpoint
RP421: 6/24/2012 10:38:25 AM - System Checkpoint
RP422: 6/25/2012 10:39:31 AM - System Checkpoint
RP423: 6/26/2012 11:38:25 AM - System Checkpoint
RP424: 6/27/2012 12:38:25 PM - System Checkpoint
RP425: 6/28/2012 12:38:32 PM - System Checkpoint
RP426: 6/29/2012 1:38:32 PM - System Checkpoint
RP427: 6/30/2012 1:53:16 PM - System Checkpoint
RP428: 7/1/2012 9:19:18 AM - Software Distribution Service 3.0
RP429: 7/2/2012 3:00:33 AM - Software Distribution Service 3.0
RP430: 7/3/2012 3:51:07 AM - System Checkpoint
RP431: 7/3/2012 10:10:58 PM - Installed Windows XP KB915800-v4.
RP432: 7/3/2012 10:11:26 PM - Installed Windows XP Windows Search 4.0.
RP433: 7/4/2012 11:32:31 PM - System Checkpoint
RP434: 7/5/2012 3:00:15 AM - Software Distribution Service 3.0
RP435: 7/6/2012 3:21:02 AM - System Checkpoint
RP436: 7/7/2012 4:21:01 AM - System Checkpoint
RP437: 7/8/2012 5:21:01 AM - System Checkpoint
RP438: 7/9/2012 5:21:07 AM - System Checkpoint
RP439: 7/10/2012 6:21:07 AM - System Checkpoint
RP440: 7/11/2012 3:00:23 AM - Software Distribution Service 3.0
RP441: 7/12/2012 3:27:02 AM - System Checkpoint
RP442: 7/13/2012 4:27:02 AM - System Checkpoint
RP443: 7/14/2012 5:18:25 AM - System Checkpoint
RP444: 7/15/2012 6:18:25 AM - System Checkpoint
RP445: 7/16/2012 7:18:25 AM - System Checkpoint
RP446: 7/17/2012 8:58:26 AM - System Checkpoint
RP447: 7/18/2012 12:46:58 AM - Restore Operation
RP448: 7/18/2012 12:49:52 AM - Restore Operation
RP449: 7/18/2012 12:52:42 AM - Restore Operation
RP450: 7/20/2012 11:44:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Ad-aware 6 Personal
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AT&T Troubleshoot & Resolve Tool
att.net Internet Mail
Avira AntiVir Personal - Free Antivirus
Broadcom Gigabit Integrated Controller
BufferChm
Cisco Connect
Coupon Printer for Windows
Dell Driver Download Manager
Dell Support 3.2.1
Destinations
DeviceDiscovery
DocMgr
DocProc
Eraser 6.0.9.2343
Fax
FLVPlayer4Free Free FLV Player 3.8.0.0
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 32
magicJack
MediaImpression 2.0 for PENTAX
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Mozilla Firefox 13.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Novacomd
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 13.0
OTC Scanning Suite
Pdf995
PHOTOfunSTUDIO
Readon TV Movie Radio Player 7.6.0.0
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
Status
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (01/07/2010 2.0.0)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinIPConfig
WinRAR 4.00 (32-bit)
ZOTAC FireStorm
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 9:59:12 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
7/18/2012 12:53:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/18/2012 12:44:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:44:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2012 12:43:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/18/2012 12:43:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/18/2012 12:39:12 AM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
7/17/2012 10:17:50 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
7/17/2012 10:17:43 PM, error: Service Control Manager [7034] - The McciServiceHost service terminated unexpectedly. It has done this 1 time(s).
7/13/2012 7:41:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/13/2012 7:14:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/13/2012 6:57:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00188B5CABF6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/13/2012 1:30:03 PM, error: Print [6161] - The document Print Chewy Rum Sugar Cookies | Just A Pinch Recipe Club owned by ADMIN failed to print on printer HP Officejet 4500 G510n-z. Data type: NT EMF 1.008. Size of the spool file in bytes: 550908. Number of bytes printed: 550908. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\MIKE. Win32 error code returned by the print processor: 0 (0x0).
7/13/2012 1:29:57 PM, error: Print [6161] - The document Print Chewy Rum Sugar Cookies | Just A Pinch Recipe Club owned by ADMIN failed to print on printer HP Officejet 4500 G510n-z. Data type: NT EMF 1.008. Size of the spool file in bytes: 551032. Number of bytes printed: 551032. Total number of pages in the document: 1. Number of pages printed: 2. Client machine: \\MIKE. Win32 error code returned by the print processor: 0 (0x0).
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Oct 2014
Posts: 4680
Location: Land Of The Leprechauns

Posted: Sat Jul 21, 2012 2:17 am

Duplicate post therefore closed.
http://spywarewarrior.com/viewtopic.php?t=34550

Please wait for a reply to your other topic.
_________________
Admin/Teacher at Malware Removal University
Member of...

All times are GMT - 8 Hours