My system crashed and we had to reinstall Windows XP OS. I am not sure if we reinstalled everything correctly. My system is running very slow now and I also cannot install the trial version of MS Office 2010. It keeps giving me an error that says that "The file needed to install MS Office is corrupted". PLEASE help me fix what's wrong... Logs posted below:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-24 01:01:28
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3802110A rev.3.ADH
Running: xxnphjcm[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwliqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xEFB538A0]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
---- EOF - GMER 1.0.15 ----
...............................................
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-24 01:13:09
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3802110A rev.3.ADH
Running: xxnphjcm[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwliqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xEFB6DA60]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xEFB52BF0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xEFB6F920]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xEFB4EF60]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xEFB5A090]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xEFB662B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xEFB66BB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xEFB4DD10]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xEFB59E40]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xEFB64D70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xEFB72F30]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xEFB58B20]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xEFB5B900]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xEFB623A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xEFB63BB0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xEFB596B0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xEFB51C10]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xEFB5AFC0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xEFB68CA0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xEFB4E580]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xEFB68060]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xEFB6EDA0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xEFB538A0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xEFB5D750]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xEFB5DFA0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xEFB6CED0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xEFB61590]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xEFB5F500]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xEFB71A50]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xEFB71D70]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xEFB60D20]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xEFB5FC80]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xEFB604D0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xEFB70480]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xEFB6C440]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xEFB73520]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xEFB54BF0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xEFB631C0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xEFB5E820]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xEFB6B190]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xEFB6BAC0]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xEFB72770]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xEFB69790]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xEFB6A620]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xEFB64530]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xEFB6E2B0]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
---- EOF - GMER 1.0.15 ----
....................................................
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5179
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
11/24/2010 1:36:19 AM
mbam-log-2010-11-24 (01-36-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 139155
Time elapsed: 17 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
..................................................
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/23/2010 12:09:37 AM
System Uptime: 11/24/2010 12:53:21 AM (1 hours ago)
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 70.949 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 11/23/2010 12:11:57 AM - System Checkpoint
RP2: 11/23/2010 12:13:33 AM - Installed Dell Resource CD
RP3: 11/23/2010 12:14:11 AM - Installed SoundMAX
RP4: 11/23/2010 12:14:17 AM - Installed SoundMAX
RP5: 11/23/2010 10:47:24 AM - Installed Windows XP KB915865.
RP6: 11/23/2010 10:47:57 AM - Installed Windows NLSDownlevelMapping.
RP7: 11/23/2010 10:48:12 AM - Installed Windows IDNMitigationAPIs.
RP8: 11/23/2010 10:49:11 AM - Installed Windows Internet Explorer 7.
RP9: 11/23/2010 10:57:04 AM - Installed Windows Installer KB893803v2.
RP10: 11/23/2010 11:00:03 AM - Installed Double Anti-Spy
RP11: 11/24/2010 1:30:53 AM - Installed Java(TM) 6 Update 22
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Conexant D850 56K V.9x DFVc Modem
Dell Resource CD
Double Anti-Spy
Hotfix for Windows XP (KB915865)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Mozilla Firefox (3.6.12)
Security Update for Windows XP (KB912812)
SoundMAX
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB839210
==== Event Viewer Messages From Past Week ========
11/24/2010 12:50:20 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/24/2010 12:50:01 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/23/2010 12:16:59 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001676A1A603. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/23/2010 12:15:40 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001676A1A603. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.....................................
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 1:43:02.26 on Wed 11/24/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.171 [GMT -8:00]
AV: Avanquest Double Anti-Spy *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVANQU~1\DoubleAS\MXTask.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\PROGRA~1\AVANQU~1\DoubleAS\mxtask2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-11-23 704384]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-11-23 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2010-11-23 203056]
R2 Double Anti-Spy Task Manager;Double Anti-Spy Task Manager;c:\progra~1\avanqu~1\doubleas\mxtask.exe -service --> c:\progra~1\avanqu~1\doubleas\MXTask.exe -Service [?]
R2 SBAMSvc;Double Anti-Spy;c:\program files\common files\antivirus\SBAMSvc.exe [2009-9-8 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-11-23 69936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-24 38224]
=============== Created Last 30 ================
2010-11-24 09:31:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-24 09:31:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-24 09:31:43 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-24 09:17:13 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-11-24 09:16:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 09:16:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-24 09:16:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 09:16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 07:40:04 -------- d-----w- c:\docume~1\owner\applic~1\TP
2010-11-23 19:08:44 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-11-23 19:08:43 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-11-23 19:08:04 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-11-23 19:08:00 -------- d--h--w- C:\_Backup
2010-11-23 19:01:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest
2010-11-23 19:01:22 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-11-23 19:01:07 -------- d-----w- c:\docume~1\owner\applic~1\Avanquest
2010-11-23 19:00:42 -------- d-----w- c:\program files\common files\AntiVirus
2010-11-23 19:00:12 -------- d-----w- c:\program files\Avanquest
2010-11-23 18:57:13 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-23 18:47:54 22752 ----a-w- c:\windows\system32\spupdsvc.exe
==================== Find3M ====================
============= FINISH: 1:43:45.59 ===============