
Inactive Instruction @ 0x7c91b21a ref. memory@ "00000010"

Discussion in 'Malware and Virus Removal Archive' started by jgirone, 2010/09/01.

Thread Status:
Not open for further replies.
  1. 2010/09/01
    jgirone

    [Inactive] Instruction @ 0x7c91b21a ref. memory@ "00000010"

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by jgirone at 23:42:34.85 on Wed 09/01/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.325 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\system32\hpzipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\jgirone\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://msn.com/
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {CD292324-974F-4224-D074-CACA427AA030} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228995638656
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228995626375
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = :\windows\system32\srrstr.dll cli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
    Hosts: 192.168.1.10 NPI99C809

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-22 312912]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-22 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-22 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-20 54760]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-21 303952]
    R2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-21 20824]
    S0 hffeltf;hffeltf;c:\windows\system32\drivers\qndvkler.sys --> c:\windows\system32\drivers\qndvkler.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2006-4-29 9344]
    S3 iscFlash;iscFlash;\??\c:\windows\system32\drivers\iscflash.sys --> c:\windows\system32\drivers\iscflash.sys [?]
    S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]

    =============== Created Last 30 ================

    2010-09-02 03:13:37 0 d-----w- c:\windows\system32\CatRoot2
    2010-09-02 00:13:16 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
    2010-09-01 22:19:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-01 00:52:33 0 dc----w- C:\I386
    2010-08-26 07:18:21 0 d-----w- c:\windows\setup.pss
    2010-08-26 06:42:01 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-08-26 06:42:00 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-08-26 06:41:59 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-08-26 06:41:59 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-08-26 06:41:58 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-08-26 06:41:15 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-08-26 06:41:15 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
    2010-08-26 06:41:13 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-08-26 06:41:11 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-08-26 06:40:58 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-08-26 06:40:55 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2010-08-25 14:56:37 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2010-08-25 14:56:05 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-08-25 14:56:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-08-25 14:55:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-08-25 14:55:18 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-08-25 14:55:18 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-08-25 14:55:10 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-08-25 14:55:09 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
    2010-08-25 14:55:09 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-08-25 14:55:08 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-08-25 14:53:58 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-08-25 14:52:54 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-08-25 14:51:58 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2010-08-25 14:50:50 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2010-08-25 14:49:58 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
    2010-08-25 14:49:38 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
    2010-08-25 14:49:37 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
    2010-08-25 14:49:36 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
    2010-08-25 14:49:35 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
    2010-08-25 14:49:30 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
    2010-08-25 14:49:26 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
    2010-08-25 14:49:26 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
    2010-08-25 14:49:25 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
    2010-08-25 14:49:24 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2010-08-25 14:49:23 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2010-08-25 14:49:23 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2010-08-25 14:49:22 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2010-08-25 14:47:58 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-08-25 14:46:59 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
    2010-08-25 14:45:45 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-08-25 14:45:41 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-08-25 14:45:40 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-08-25 14:45:37 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-08-25 14:45:30 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-08-25 14:45:30 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-08-25 14:45:28 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-08-25 14:45:25 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
    2010-08-25 14:45:17 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2010-08-25 14:45:12 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2010-08-25 14:45:12 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-08-25 14:45:08 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2010-08-25 14:45:00 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
    2010-08-25 14:43:53 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-08-25 14:43:50 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-08-25 14:43:21 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-08-25 14:43:20 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-08-25 14:43:19 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
    2010-08-25 14:43:17 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-08-25 14:43:03 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-08-25 14:41:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
    2010-08-25 14:40:57 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-08-25 14:39:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-08-25 14:38:36 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2010-08-25 14:37:58 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
    2010-08-25 14:36:58 25159 -c--a-w- c:\windows\system32\dllcache\elnk3.sys
    2010-08-25 14:35:58 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
    2010-08-25 14:34:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
    2010-08-25 14:33:59 66082 -c--a-w- c:\windows\system32\dllcache\c_20924.nls
    2010-08-25 14:32:57 66728 -c--a-w- c:\windows\system32\dllcache\big5.nls
    2010-08-25 14:31:54 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
    2010-08-25 14:30:22 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-08-25 11:05:29 0 dcsh--w- c:\documents and settings\jgirone\IECompatCache
    2010-08-25 11:04:26 0 dc----w- c:\docume~1\jgirone\applic~1\EmailNotifier
    2010-08-25 11:04:22 0 dcsh--w- c:\documents and settings\jgirone\PrivacIE
    2010-08-22 17:27:47 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-08-22 17:27:15 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-22 16:55:59 0 dc----w- c:\docume~1\jgirone\applic~1\oovootb
    2010-08-22 16:48:18 0 dc----w- c:\docume~1\jgirone\applic~1\ooVoo Details
    2010-08-22 16:47:32 0 dc----w- c:\docume~1\jgirone\applic~1\WTablet
    2010-08-20 17:54:04 0 d-----w- c:\windows\system32\winrm
    2010-08-20 17:53:58 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-08-20 17:46:33 0 d-----w- c:\program files\Microsoft Office Outlook Connector
    2010-08-20 17:45:38 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-08-20 17:43:10 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-08-20 17:42:56 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-08-20 17:41:01 0 d-----w- c:\program files\Microsoft
    2010-08-20 17:40:36 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-08-20 17:15:37 0 d-----w- c:\program files\common files\Windows Live
    2010-08-20 17:13:38 0 d-----w- c:\windows\system32\DRM
    2010-08-20 17:07:15 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-08-18 18:04:22 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-08-18 17:40:12 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-08-18 05:46:47 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-18 05:46:12 0 dc----w- c:\docume~1\alluse~1\applic~1\TuneUpMedia
    2010-08-18 05:46:12 0 d-----w- c:\program files\TuneUpMedia
    2010-08-18 05:45:20 0 dc----w- C:\Downloads
    2010-08-16 22:10:38 0 dc----w- c:\docume~1\alluse~1\applic~1\Alwil Software

    ==================== Find3M ====================

    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2009-12-20 14:50:24 378030312 ----a-w- c:\program files\Adobe.zip
    2009-04-02 20:03:36 66361376 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-04-02 20:03:36 698400 --sha-w- c:\windows\system32\drivers\fidbox2.dat

    ============= FINISH: 23:43:39.37 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/20/2009 5:24:00 PM
    System Uptime: 9/1/2010 11:25:41 PM (0 hours ago)

    Motherboard: Intel Corporation | | D845PT
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | J1D1 | 1595/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 21.986 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 14.218 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&268D196D&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&268D196D&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP302: 8/31/2010 5:53:57 PM - System Checkpoint
    RP303: 9/1/2010 6:18:53 PM - Installed Java(TM) 6 Update 21
    RP304: 9/1/2010 11:24:05 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop 7.0
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AOL Instant Messenger
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Ask Toolbar
    avast! Pro Antivirus
    Bonjour
    CardRd81
    CCleaner
    CCScore
    CR2
    ESSBrwr
    ESSCDBK
    ESScore
    ESSCT
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    ESSTUTOR
    ESSvpaht
    ESSvpot
    Gateway Desktop Manager
    Gateway IE Customizations
    Gateway Power Management
    GdiplusUpgrade
    GTW V.92 Voice Modem
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HLPIndex
    HLPPDOCK
    HLPRFO
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Color LaserJet 2820/2830/2840 2.0
    HP Product Detection
    HP Software Update
    hpp2800usg
    hppCLJ2800
    hppDustDevil
    hppFaxDrv
    hppFonts
    hppIOFiles
    hppManuals2800
    hppscan2800
    hppScanTo
    hppSendFax
    hppTooCool
    Intel(R) Network Connections Drivers
    iPhone Configuration Utility
    iPod for Windows 2005-11-17
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 21
    Junk Mail filter update
    Kodak EasyShare software
    KSU
    LiveReg (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.6)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    NETGEAR WG311v3 802.11g Wireless PCI Adapter
    Notifier
    NVIDIA Windows 2000/XP Display Drivers
    OGA Notifier 2.0.0048.0
    ooVoo
    ooVoo Toolbar (Remove Toolbar Only)
    OTtBP
    OTtBPSDK
    PDF Settings
    QuickTime
    RealPlayer
    RPS CRT
    Safari
    SANYO Digital Camera Driver
    Scan
    Security Task Manager 1.7g
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SFR
    SHASTA
    SKIN0001
    SKINXSDK
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Tablet
    The Sims House Party
    The Sims Unleashed
    TuneUp Companion 1.5.9
    Ulead COOL 360 1.0
    Ulead Photo Explorer 8.0 SE Basic
    Uninstall 1.0.0.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Verizon Broadband Toolbar
    Verizon FiOS Connection Wizard
    Verizon High Speed Internet
    Verizon Online DSL
    Verizon Servicepoint 1.5.22
    Viewpoint Manager (Remove Only)
    VPRINTOL
    Vuze
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows Search 4.0
    Windows XP Service Pack 3
    WinZip
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    9/1/2010 1:59:04 AM, information: Windows File Protection [64021] - The system file c:\windows\ime\chsime\applets\pintlcsd.dll could not be copied into the DLL cache. The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ]. This file is necessary to maintain system stability.
    9/1/2010 1:52:44 AM, information: Windows File Protection [64021] - The system file c:\windows\ime\imjp8_1\applets\hwxjpn.dll could not be copied into the DLL cache. The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ]. This file is necessary to maintain system stability.
    8/30/2010 3:06:43 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'vps_32-29a.vpx' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/28/2010 11:30:12 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    8/28/2010 11:29:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'alrt_204.data' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/28/2010 11:29:27 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/26/2010 2:42:05 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
    8/26/2010 2:40:28 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\program files\windows media player\wmpns.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.4503.
    8/26/2010 2:17:11 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\digiisdn.dll could not be copied into the DLL cache. The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ]. This file is necessary to maintain system stability.
    8/26/2010 1:30:19 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\iisui.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/26/2010 1:30:19 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is jgirone.
    8/26/2010 1:30:12 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisrstap.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/26/2010 1:30:08 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\iisreset.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/26/2010 1:28:48 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\ftpsapi2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/26/2010 1:28:05 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/26/2010 1:21:42 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    8/25/2010 9:28:30 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    8/25/2010 9:09:26 AM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
    8/25/2010 9:09:26 AM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
    8/25/2010 9:09:26 AM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the file specified.
    8/25/2010 9:09:26 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
    8/25/2010 9:09:26 AM, error: Service Control Manager [7000] - The Portable Media Serial Number Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    8/25/2010 9:09:22 AM, error: UPS [2481] - The UPS service is not configured correctly.
    8/25/2010 8:37:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TabletService service.
    8/25/2010 10:58:09 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\program files\windows media player\wmpns.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.3250.
    8/25/2010 10:51:44 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\strmfilt.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.5512.
    8/25/2010 10:51:41 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\strmfilt.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.5891.
    8/25/2010 10:39:41 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\program files\internet explorer\iedw.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    8/25/2010 10:39:40 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\program files\internet explorer\iedw.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
    8/25/2010 10:39:03 AM, information: Windows File Protection [64021] - The system file c:\windows\ime\imkr6_1\applets\hwxkor.dll could not be copied into the DLL cache. The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ]. This file is necessary to maintain system stability.
    8/25/2010 10:38:40 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\httpapi.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    8/25/2010 10:38:39 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\httpapi.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5891.
    8/25/2010 10:38:39 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\http.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    8/25/2010 10:38:38 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\http.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5891.
    8/25/2010 10:37:24 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\extmgr.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
    8/25/2010 10:37:23 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\extmgr.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.6000.16945.
    8/25/2010 10:33:37 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\bthport.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    8/25/2010 10:33:34 AM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\drivers\bthport.sys has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5620.
    8/25/2010 10:30:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'oembios.bin.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================

    The above noticed after turned on some services that have since been reverted to "manual" and persist despite several runs of sfc scannow and after CCleaner & Dial-a-Fix use. Previous serious viral/trojan infections cleared with Avast, Malwarebytes and Stopzilla in the past, but error only developed after services all turned on in attempt to speed up Windows Explorer tasks (not IE) that were noticeably slowed in one user acct that I have since inactivated. Fully updated XP Pro SP3 on automatic update without any failures.

    Any help would be appreciated--thnx!

    Joe
     
  2. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Malwarebytes before running the scan.***

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
