Hi there, I have been having a hard time with the redirection of pages. I got the Antivir Pro solutions a few days back; I got rid of it, but after that, every time I open a browser page another one opens, and every link I click on a search gets redirected to another page. I have used many antispyware and antimalware tools, and antivirus, and the problem is still there.
After using the Microsoft® Windows® Malicious Software Removal Tool, it said that I have a virus, Win32/Alureon.H. Here are all the logs needed. I would appreciate it if someone could help to resolve this issue; it is the machine I use to work and it is driving me crazy.

Thanks in advance.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4437

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/16/2010 6:16:05 PM
mbam-log-2010-08-16 (18-16-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 181087
Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-16 15:45:52
Windows 5.1.2600 Service Pack 2
Running: 3z22ktwp.exe; Driver: C:\DOCUME~1\Jack\LOCALS~1\Temp\uwtcqkoc.sys


---- Devices - GMER 1.0.15 ----

Device A ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device A Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device A Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice A fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8975FEC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-16 17:11:11
Windows 5.1.2600 Service Pack 2
Running: 3z22ktwp.exe; Driver: C:\DOCUME~1\Jack\LOCALS~1\Temp\uwtcqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xAF5C34FE]

---- Devices - GMER 1.0.15 ----

Device A ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device A Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device A Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\Modem \Device\00000071 COMFiltr.sys

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device A mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice A fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device A Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8975FEC5

---- Processes - GMER 1.0.15 ----

Library g:\f9cfed54c53025f5de43\mrtstub.exe (*** hidden *** ) @ g:\f9cfed54c53025f5de43\mrtstub.exe [3100] 0x01000000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jack at 18:17:47.06 on Mon 08/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1513 [GMT -4:00]

AV: Panda Internet Security 2011 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
svchost.exe
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jack\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:6522
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2011\Inicio.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [cembvnvb] c:\documents and settings\networkservice\local settings\application data\kadbtlnay\uhjgasotssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icatch~1.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.att.net/sdccommon/download/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-8-13 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-8-13 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-8-13 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-8-13 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-8-13 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-8-13 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-8-13 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-8-13 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-8-13 59080]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2010-7-15 238824]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2011\PsCtrlS.exe [2010-8-13 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2011\PavFnSvr.exe [2010-8-13 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-8-13 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-8-13 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2011\pavsrvx86.exe [2010-8-13 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2011\psksvc.exe [2010-8-13 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-8-13 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-8-13 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S1 wlmckvvc;wlmckvvc;\??\c:\windows\system32\drivers\wlmckvvc.sys --> c:\windows\system32\drivers\wlmckvvc.sys [?]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2010-7-15 6656]
S3 DUBE100;D-Link DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2008-8-31 11935]

============== File Associations ===============

cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-08-16 21:28:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 21:28:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 21:28:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 18:57:50 40840 ----a-w- c:\windows\system32\drivers\TERMDD.SYS
2010-08-16 16:53:31 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-13 22:37:48 0 d-----w- c:\program files\Microsoft Games
2010-08-13 17:02:00 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2010-08-13 16:47:11 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-08-13 16:40:46 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-08-13 16:40:40 200764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-08-13 16:40:40 200764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-08-13 16:40:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-08-13 16:40:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-08-13 16:40:34 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-08-13 16:40:34 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-08-13 16:40:34 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-08-13 16:40:11 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-08-13 16:40:11 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-08-13 16:40:11 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-08-13 16:40:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-08-13 16:40:06 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-13 16:39:41 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-08-13 16:39:20 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-08-13 16:39:01 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-08-13 16:39:01 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-08-13 16:39:01 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-08-13 16:39:01 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-08-13 16:38:59 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-08-13 16:38:52 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-08-13 16:38:45 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-08-13 16:38:45 55552 ----a-w- c:\windows\system32\avldr.dll
2010-08-13 16:38:45 0 d-----w- c:\windows\system32\PAV
2010-08-13 16:38:42 0 d-----w- c:\docume~1\jack\applic~1\Panda Security
2010-08-13 16:38:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-08-13 16:34:14 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-08-13 16:34:14 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-08-13 16:24:53 0 d-----w- C:\SMCLPAV
2010-08-13 15:25:49 20 ----a-w- C:\GINA.TEXT
2010-08-13 15:17:42 0 d-----w- c:\program files\common files\Panda Security
2010-08-12 14:00:55 0 d-----w- c:\program files\Panda Security
2010-08-12 13:54:47 0 d-----w- c:\program files\CCleaner
2010-08-12 02:03:22 0 d-----w- c:\docume~1\jack\applic~1\Malwarebytes
2010-08-12 02:03:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-07 17:13:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-27 00:39:29 0 d-sh--w- c:\windows\ftpcache
2010-07-19 18:41:31 41 ----a-w- C:\WLANCUGINA.TEXT

==================== Find3M ====================

2010-08-08 03:26:19 2572 ----a-w- c:\windows\system32\ASOROSet.bin
2010-07-17 20:43:07 87608 -c--a-w- c:\docume~1\jack\applic~1\inst.exe
2010-07-17 20:43:07 47360 -c--a-w- c:\docume~1\jack\applic~1\pcouffin.sys
2010-07-17 20:43:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-16 13:36:31 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-27 00:24:31 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 18:19:16.64 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/25/2008 12:00:23 AM
System Uptime: 8/16/2010 5:15:53 PM (1 hours ago)

Motherboard: Intel Corporation | | D845EPI
Processor: Intel(R) Celeron(R) CPU 2.40GHz | X1 | 2399/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 20.579 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 67.956 GiB free.
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10008086&REV_04\4&2AF9ED5&0&10F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10008086&REV_04\4&2AF9ED5&0&10F0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

1Click DVD Copy 5.4.3.8
Adobe Flash Player 10 ActiveX
Adobe PageMaker 7.0
Adobe Photoshop CS
Adobe Reader 8.2.2
Advanced System Optimizer
AVS Video Converter 6
Bonjour Core for Windows
BroadJump Client Foundation
CCleaner
CopyToDVD
Critical Update for Windows Media Player 11 (KB959772)
D-Link PCI Fast Ethernet Adapter
Dell Photo Printer 720
DVD43 v4.4.0
DVDFab 6.2.0.5 (11/11/2009)
DVDFab 7.0.8.2 (17/07/2010)
EA SPORTS online 2004
Free YouTube Download 2.1
FXCM Micro Trading Station II
GameRanger
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICatch (VI) PC Camera
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 19
LightScribe 1.4.31.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MVP Baseball 2004
Nero Suite
Opera 10.10
Panda ActiveScan 2.0
Panda Internet Security 2011
Panda Secure Vault 5
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Serif WebPlus X2
Serif WebPlus X2 Resources
Serif WebPlus X2 Template Pack: Business & Commerce
Serif WebPlus X4
Serif WebPlus X4 Resources
SimCity 4 Deluxe
TRENDnet TEW-421PC/TEW-423PI 802.11g Wireless Cardbus/PCI Adapter Driver and Utility
tunebite 3.0.0.5
Uninstall 1.0.0.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/16/2010 3:52:30 PM, error: PSched [14103] - QoS [Adapter {E294AE66-A5D2-4096-9278-CCE8261E319C}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
8/13/2010 12:24:56 PM, error: Service Control Manager [7034] - The Panda Process Protection Service service terminated unexpectedly. It has done this 1 time(s).
8/13/2010 11:26:15 AM, error: Service Control Manager [7001] - The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The system cannot find the file specified.
8/13/2010 11:26:15 AM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
8/13/2010 10:59:42 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabmig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:42 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabimp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3138.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabfind.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\setup50.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\oemiglib.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\oemig50.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\oeimport.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoeres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:40 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3664.
8/13/2010 10:59:40 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msimn.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
8/13/2010 10:59:03 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zonelibm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:03 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zoneclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:03 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\znetm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:03 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zeeverm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.
8/13/2010 10:59:03 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zcorem.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:02 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zclientm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:02 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\uniansi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:02 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvlzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:02 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvlres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:02 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvl.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvsezm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvseres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvse.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtzzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtzres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtz.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\cmnresm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\cmnclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.
8/13/2010 10:59:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkrzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkrres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkr.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:59:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckgzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:58:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckgres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:58:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckg.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.
8/13/2010 10:58:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2res2.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2res.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2fxb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2fxa.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:33 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2filt.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:33 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2ext.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:33 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2eres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:33 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\wmm2ae.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4026.0.
8/13/2010 10:58:32 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4027.0.
8/11/2010 7:27:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/11/2010 10:30:33 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/11/2010 10:30:33 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/10/2010 12:51:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

==== End Of File ===========================

Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

====

Please do not attach zip files. .txt are best. Only attach if requested.

0

Ok, thanks for taking the time, here is the ComboFix log, and thanks again.

ComboFix 10-08-16.04 - Jack 08/17/2010 11:35:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1684 [GMT -4:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
AV: Panda Internet Security 2011 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility .lnk
c:\documents and settings\Jack\Application Data\inst.exe
c:\windows\system32\usp10(3).dll

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-16 21:28 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 21:28 . 2010-08-16 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 21:28 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 18:57 . 2010-08-16 18:57 40840 ----a-w- c:\windows\system32\drivers\TERMDD.SYS
2010-08-16 16:53 . 2010-08-16 21:13 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-13 22:37 . 2010-08-13 22:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-13 16:47 . 2010-08-17 15:23 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-08-13 16:45 . 2010-08-13 16:45 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Panda Security
2010-08-13 16:40 . 2010-08-13 16:40 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-08-13 16:40 . 2010-08-13 16:47 200764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-08-13 16:40 . 2009-09-25 18:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-08-13 16:40 . 2009-09-25 18:54 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-08-13 16:40 . 2009-09-25 18:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-08-13 16:40 . 2010-02-18 23:31 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-08-13 16:40 . 2009-09-25 18:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-08-13 16:40 . 2009-09-25 18:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-08-13 16:40 . 2010-08-13 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2010-08-13 16:40 . 2010-06-22 22:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-13 16:39 . 2003-10-22 22:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-08-13 16:39 . 2009-10-06 16:33 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-08-13 16:39 . 2009-03-30 22:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-08-13 16:39 . 2009-03-30 22:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-08-13 16:39 . 2007-02-08 14:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-08-13 16:38 . 2009-03-30 22:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-08-13 16:38 . 2010-02-18 23:31 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-08-13 16:38 . 2010-08-13 16:38 -------- d-----w- c:\windows\system32\PAV
2010-08-13 16:38 . 2010-05-21 17:50 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-08-13 16:38 . 2010-03-24 16:55 55552 ----a-w- c:\windows\system32\avldr.dll
2010-08-13 16:38 . 2010-08-13 16:38 -------- d-----w- c:\documents and settings\Jack\Application Data\Panda Security
2010-08-13 16:38 . 2010-08-13 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-08-13 16:34 . 2009-10-27 16:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-08-13 16:34 . 2009-09-14 20:18 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-08-13 16:24 . 2010-08-13 16:27 -------- d-----w- C:\SMCLPAV
2010-08-13 15:17 . 2010-08-13 16:31 -------- d-----w- c:\program files\Common Files\Panda Security
2010-08-12 14:00 . 2010-08-13 16:40 -------- d-----w- c:\program files\Panda Security
2010-08-12 13:54 . 2010-08-12 13:54 -------- d-----w- c:\program files\CCleaner
2010-08-12 02:03 . 2010-08-12 02:03 -------- d-----w- c:\documents and settings\Jack\Application Data\Malwarebytes
2010-08-12 02:03 . 2010-08-12 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 20:44 . 2010-08-09 20:44 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Threat Expert
2010-08-09 14:54 . 2010-08-13 15:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 17:13 . 2010-08-07 17:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-06 20:02 . 2010-08-06 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-27 00:39 . 2010-07-27 00:39 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 15:23 . 2010-08-13 16:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-08-17 15:23 . 2010-08-13 16:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-08-16 17:42 . 2010-01-19 14:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 16:44 . 2008-02-26 01:14 -------- d-----w- c:\documents and settings\Jack\Application Data\Shareaza
2010-08-15 01:27 . 2008-10-26 20:59 -------- d-----w- c:\documents and settings\Jack\Application Data\CopyToDvd
2010-08-13 16:47 . 2010-08-13 16:40 200764 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-08-13 16:38 . 2008-02-25 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 15:53 . 2010-06-29 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-13 14:53 . 2008-03-05 03:54 -------- d-----w- c:\program files\Games
2010-08-10 15:48 . 2010-02-22 19:51 -------- d-----w- c:\program files\DVDFab
2010-08-10 15:48 . 2008-10-26 19:59 -------- d-----w- c:\documents and settings\Jack\Application Data\Vso
2010-08-09 21:42 . 2010-06-29 02:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-08 03:26 . 2010-07-15 18:28 2572 ----a-w- c:\windows\system32\ASOROSet.bin
2010-08-02 23:12 . 2008-11-29 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
2010-07-19 15:39 . 2008-02-26 02:48 -------- d-----w- c:\documents and settings\Jack\Application Data\tunebite
2010-07-17 20:43 . 2008-10-26 19:59 47360 -c--a-w- c:\documents and settings\Jack\Application Data\pcouffin.sys
2010-07-17 20:43 . 2008-10-26 19:59 47360 -c--a-w- c:\documents and settings\Jack\Application Data\pcouffin.sys
2010-07-17 20:43 . 2008-10-26 19:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-15 21:09 . 2008-03-05 03:52 -------- d-----w- c:\documents and settings\Jack\Application Data\IGN_DLM
2010-07-15 18:08 . 2010-07-15 15:41 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-07-15 15:43 . 2010-07-15 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2010-07-15 15:41 . 2010-07-15 15:38 10422352 ----a-w- c:\documents and settings\Jack\Application Data\Systweak\ASO3\Installer\aso3setup.exe
2010-07-15 15:38 . 2010-07-15 15:38 -------- d-----w- c:\documents and settings\Jack\Application Data\Systweak
2010-07-15 13:55 . 2010-05-06 16:20 -------- d-----w- c:\documents and settings\Jack\Application Data\Uniblue
2010-06-29 22:45 . 2010-06-29 22:45 1240800 ----a-w- c:\documents and settings\Jack\Application Data\GameRanger\GameRanger\GameRanger.exe
2010-06-29 22:43 . 2010-06-29 22:43 159456 ----a-w- c:\documents and settings\Jack\Application Data\GameRanger\GameRanger\Data\GameRanger.dll
2010-06-29 02:16 . 2010-06-29 02:16 -------- d-----w- c:\documents and settings\Jack\Application Data\Tific
2010-06-29 02:16 . 2010-06-29 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-15 01:57 . 2008-02-25 05:38 89408 -c--a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 00:23 . 2010-06-18 15:12 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:30 . 2008-02-25 04:54 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2010-07-07 984384]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-20 113664]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2008-6-2 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 16:55 55552 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TRENDnet\\TRENDnet TEW-421PC_TEW-423PI\\WlanCU.exe"=
"c:\\Program Files\\Candleworks\\FXTS2\\FXTSpp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\LG Software Innovations\\1Click DVD Copy 5\\1ClickDvdCopy.exe"=
"c:\\Documents and Settings\\Jack\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Serif\\WebPlus\\X4\\Program\\WebPlus.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Panda Security\\Panda Internet Security 2011\\ApVxdWin.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3783:TCP"= 3783:TCP:Voice Chat Port
"27900:TCP"= 27900:TCP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:TCP"= 13139:TCP:Custom UDP Pings
"6515:TCP"= 6515:TCP:Dplay UDP
"6500:TCP"= 6500:TCP:Query Port

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [8/13/2010 12:40 PM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [8/13/2010 12:40 PM 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [8/13/2010 12:40 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [8/13/2010 12:40 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [8/13/2010 12:40 PM 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [8/13/2010 12:40 PM 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [8/13/2010 12:34 PM 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [8/13/2010 12:40 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [8/13/2010 12:38 PM 59080]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [7/15/2010 11:41 AM 238824]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [8/13/2010 12:34 PM 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2011\psksvc.exe [8/13/2010 12:40 PM 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [8/13/2010 12:47 PM 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [8/13/2010 12:38 PM 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 wlmckvvc;wlmckvvc;\??\c:\windows\system32\drivers\wlmckvvc.sys --> c:\windows\system32\drivers\wlmckvvc.sys [?]
S3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [7/15/2010 11:41 AM 6656]
S3 DUBE100;D-Link DUB-E100 USB 2.0 to Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [8/31/2008 2:10 PM 11935]
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\ASO-AntiSpyware.job
- c:\program files\Advanced System Optimizer 3\systemprotector.exe [2010-07-15 21:15]

2010-08-13 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2010-07-15 21:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1648)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
c:\windows\system32\avldr.dll
.
Completion time: 2010-08-17 11:45:55
ComboFix-quarantined-files.txt 2010-08-17 15:45

Pre-Run: 21,797,421,056 bytes free
Post-Run: 21,901,447,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A3C50C9D69BC999FE2D26458144C828A

0

Looking good, gonna give it another day to mark it solved, but looks really good. Thanks again!!!

0

No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
