[RESOLVED] Windows Update problem

Started By Morgan, Feb 19 2011 06:19 AM

Next

You cannot start a new topic
You cannot reply to this topic
Go to first unread post

24 replies to this topic

#1 Morgan

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 19 February 2011 - 06:19 AM

Hi everyone,

I am usually pretty good at cleaning up for others, and the last thing I want to do it dump this problem into some else lap, but I have come up against a wall on an old laptop for a friend and could use some help. The pc was infected with the MSConfig32 virus and 2 variants of the worm Allaple (allaple.gen , allaple.b.2) according to Malwarebytes and AntiVir. The infection appeared to be removed after several scans. At this point, SP3 has been installed from a Network Install Pkg I had laying around, along with AntiVir and Comodo FW. However, critical updates are not being offered when going to Windows Update or Microsoft Update. At first the only update offered was a Critical Update for "HP Memories Disc". After I removed the outdated HP software, then I was able to receive (2)Recommended and (4)Optional driver updates. Out of curiosity I updated 1 driver and that set off a continuous MSI Installer for "The Print Shop 20" , which was already installed. Knowing W/Allaple infects .htm and .html files and both these programs had such files and along with the msconfig32 infection I suspect I missed something. Looking thru the Print Shop reg keys I noted malware entries although they looked benign. Regardless I removed the program. That fixed the MSI installer issue, but still no critical updates for XP.
At this point I'm trying to figure out if Windows Update is working or not? If Windows is actively infected or not? If it is can it be cleaned? Is a clean install the best option?
The current MBAM and AntiVir logs are clean, along with HitmanPro and Eset Online scanner. Gmer and DSS will start but lock up after the scan starts. This occurs in Real and Safe modes even when using rkill. I've been able to use OTL but I must confess my log analysis is limited. I'll wait to post anything till requested.
Many thanks to all who can help.

Back to top

#2 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 19 February 2011 - 04:18 PM

Welcome aboard Posted Image

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================================================

It's very possible, that you're still infected. Inability to run Windows updates, along with GMER and DDS may be an indication of a rootkit present.
We'll check.

On a side note....never install any non-MS updates through Windows updates. Unfortunately, MS has a long history of messing those up.

Now....

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Back to top

#3 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 19 February 2011 - 06:45 PM

Hi Broni,

Thanks for taking the time on this. I'm familiar with your instructions and will follow your protocol. You may find I have already used advanced tools, but I will refrain from any further actions on this laptop and follow your guidelines exactly.
The pc appears to be a little sluggish, but it is an older Celeron powered laptop, I'm used to working with newer pc's , so my judgment is likely biased. I'm not noticing any unusual HDD activity. TDSS log follows.

--------------------------------------------------------------------------------------------------------------------
2011/02/19 12:21:07.0101 3956 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 12:21:07.0511 3956 ================================================================================
2011/02/19 12:21:07.0511 3956 SystemInfo:
2011/02/19 12:21:07.0511 3956
2011/02/19 12:21:07.0511 3956 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/19 12:21:07.0511 3956 Product type: Workstation
2011/02/19 12:21:07.0511 3956 ComputerName: TOSHIBA-USER
2011/02/19 12:21:07.0511 3956 UserName: xp
2011/02/19 12:21:07.0511 3956 Windows directory: C:\WINDOWS
2011/02/19 12:21:07.0511 3956 System windows directory: C:\WINDOWS
2011/02/19 12:21:07.0511 3956 Processor architecture: Intel x86
2011/02/19 12:21:07.0511 3956 Number of processors: 1
2011/02/19 12:21:07.0511 3956 Page size: 0x1000
2011/02/19 12:21:07.0511 3956 Boot type: Normal boot
2011/02/19 12:21:07.0511 3956 ================================================================================
2011/02/19 12:21:08.0282 3956 Initialize success
2011/02/19 12:21:29.0813 4004 ================================================================================
2011/02/19 12:21:29.0813 4004 Scan started
2011/02/19 12:21:29.0813 4004 Mode: Manual;
2011/02/19 12:21:29.0813 4004 ================================================================================
2011/02/19 12:21:32.0487 4004 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/02/19 12:21:33.0208 4004 ACPI (15634a4d4371423ad438b93ee0519cb8) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/19 12:21:33.0599 4004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/19 12:21:34.0460 4004 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/19 12:21:35.0241 4004 AFD (e5d9213212ed08dc5f985049f7c68c09) C:\WINDOWS\System32\drivers\afd.sys
2011/02/19 12:21:36.0273 4004 AgereSoftModem (df728d797e2e01520f4f4656e256dd91) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/02/19 12:21:37.0314 4004 agp440 (a42abfaee59a1dc0e47014e7b5d76ad6) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/19 12:21:39.0898 4004 ApfiltrService (9fbba835bd59f59c59b6887151ea0bb7) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/02/19 12:21:41.0260 4004 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/02/19 12:21:41.0811 4004 AsyncMac (0d4681f78a20b50d691a4f3c9f75eb41) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/19 12:21:42.0211 4004 atapi (335bb30ed68cf3dc0ee2bddb438b6a9b) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/19 12:21:43.0042 4004 Atmarpc (ecf89e5bd58e3a3cc2e7db0f0d9f6c6c) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/19 12:21:43.0463 4004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/19 12:21:43.0793 4004 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/19 12:21:44.0194 4004 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/19 12:21:44.0795 4004 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/19 12:21:45.0245 4004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/19 12:21:45.0796 4004 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/02/19 12:21:46.0197 4004 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2011/02/19 12:21:46.0728 4004 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2011/02/19 12:21:47.0128 4004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/19 12:21:47.0889 4004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/19 12:21:48.0280 4004 Cdfs (b7b2efd695bb6e937eb3e5b5465b6f47) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/19 12:21:48.0690 4004 Cdrom (1f29616b1fc4d66a988cf97531bcf729) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/19 12:21:49.0532 4004 CmBatt (36ef0b68cfbbd997045ec5c8cbd78710) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/19 12:21:50.0353 4004 cmdGuard (dd530ee7d9efbb0ec42aebe7226b8a93) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/02/19 12:21:50.0743 4004 cmdHlp (07cbbe993ed08a52dafac1e6cf27b6a5) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/02/19 12:21:51.0525 4004 Compbatt (04dad72f2ca2dcdbc4af1ede202331ce) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/19 12:21:53.0007 4004 Disk (023712144c69e60fcb662cda2715bf16) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/19 12:21:53.0908 4004 dmboot (1e5c89a65465f6d9674898eb4989cb86) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/19 12:21:54.0939 4004 dmio (6cf151f832ec417ffaf68f20ed7d39fb) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/19 12:21:55.0370 4004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/19 12:21:56.0041 4004 DMusic (c561840c22148f5affb659d547efdbb0) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/19 12:21:56.0462 4004 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys
2011/02/19 12:21:57.0022 4004 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
2011/02/19 12:21:57.0393 4004 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys
2011/02/19 12:21:58.0184 4004 drmkaud (c13ee685aa1a8950146f7f968eb090bd) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/19 12:21:58.0615 4004 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/19 12:21:59.0216 4004 Fastfat (f696cf49c72f50ea0c1038c2daa98a00) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/19 12:21:59.0676 4004 Fdc (650fa0d37498f9e2b201a09dbca0b85b) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/19 12:22:00.0267 4004 Fips (74947fd2d6a9151c0bb9c72bdaf0e894) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/19 12:22:00.0658 4004 Flpydisk (3b8607a2bf5aec3dab18cf3612c07c1d) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/19 12:22:01.0068 4004 FltMgr (87ec219a7ae5553144e2086d2d7daa8a) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/19 12:22:01.0619 4004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/19 12:22:02.0050 4004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/19 12:22:02.0711 4004 Gpc (9479c26a5691ccea495e2438ef11c948) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/19 12:22:03.0111 4004 HidUsb (5f845228561e9545edc6f9ebfa15d338) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/19 12:22:04.0583 4004 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/19 12:22:04.0974 4004 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/19 12:22:05.0334 4004 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/19 12:22:05.0955 4004 HTTP (681afd0f5d6a12be948181b11a7f80a6) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/19 12:22:07.0227 4004 i8042prt (30abe7000df369d8b1c4174429260aad) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/19 12:22:07.0748 4004 Imapi (e32bf30d20b5c162775f9a3451e87b67) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/19 12:22:08.0479 4004 Inspect (8154a2c13b72b08db11157673c60c3eb) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/02/19 12:22:09.0000 4004 IntelIde (f019c4688b8f36c2fd6eb1743d0898d6) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/19 12:22:09.0390 4004 intelppm (b3731ca1bdb32f83c817263646c31c15) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/19 12:22:09.0951 4004 ip6fw (ef9bb587e33c2c245b5b83e882501ff6) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/19 12:22:10.0342 4004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/19 12:22:10.0872 4004 IpInIp (30aba7a3f81e4b76c963cd6caa23cb49) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/19 12:22:11.0303 4004 IpNat (eeb5787bd1445c8dc592f40691781774) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/19 12:22:11.0694 4004 IPSec (bfea19daff955239a16a80c3cdf64fbe) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/19 12:22:12.0274 4004 irda (64155469ffe98f216782b38d415ea0c6) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/02/19 12:22:12.0685 4004 IRENUM (64e28d94089cff1c3c77f02f99ffac3f) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/19 12:22:13.0276 4004 isapnp (81a40a1118265dfc09c036f7776ebcc0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/19 12:22:13.0636 4004 Kbdclass (4ff969b48f320f6ce0b07247069c4c22) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/19 12:22:14.0217 4004 kmixer (55e8d7039254728e9f071118184ff53b) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/19 12:22:14.0698 4004 KSecDD (23ea4c1a4ca28fd766ed2d3a5beaee3f) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/19 12:22:15.0539 4004 LHidFlt2 (63b00a26f62572e0d58e6c8d3b32bf59) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/02/19 12:22:15.0920 4004 LHidUsb (ac05a1b5c66d693b1598fd83617d1820) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/02/19 12:22:16.0440 4004 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/02/19 12:22:16.0881 4004 LxrJD31d (3f6f7993ae46aded2db2886ed3080c80) C:\WINDOWS\System32\Drivers\LxrJD31d.sys
2011/02/19 12:22:17.0442 4004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/19 12:22:17.0822 4004 Modem (add0bb36498e4da9b1b6a3e201b60a18) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/19 12:22:18.0173 4004 Mouclass (e70558b84cb0cb9c739cc48ead2a4323) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/19 12:22:18.0654 4004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/19 12:22:19.0024 4004 MountMgr (07be8cafd246a7dfb7fd4a387e936e92) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/19 12:22:20.0026 4004 MRxDAV (ac816eff53bca79369f0b8643165368c) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/19 12:22:20.0757 4004 MRxSmb (73484c0377fefa76a4ddd48112ec93a3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/19 12:22:21.0357 4004 Msfs (4d563545581e72c477ab00741b119853) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/19 12:22:21.0958 4004 MSKSSRV (b16206732e541c04c1860d84447ef5bf) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/19 12:22:22.0319 4004 MSPCLOCK (bd33cfa58c156cbd5419a87c3a4cd0b2) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/19 12:22:22.0669 4004 MSPQM (a7ec2f88fae0f03252a60950660cc3e1) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/19 12:22:23.0280 4004 mssmbios (f41814fd8811b2ba2a43a79aa8cce82a) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/19 12:22:23.0671 4004 Mup (2bb00d68cc9fbda1ee3d9bab9e4fd620) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/19 12:22:24.0272 4004 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/02/19 12:22:24.0752 4004 NDIS (d1b364f049eb84a883c8a45d3b92ff3b) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/19 12:22:25.0173 4004 NdisTapi (7d0d0f2bf199c2df0a9d1b01406168ac) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/19 12:22:25.0704 4004 Ndisuio (e8969046dc350ecd1e9209dfe341c170) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/19 12:22:26.0114 4004 NdisWan (266fded9836490ff227ad13e677ba4fb) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/19 12:22:26.0675 4004 NDProxy (5aa58d218431c79e36a4878f18414637) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/19 12:22:27.0066 4004 NetBIOS (c70b403d8158e11bf0d43d5b153cbe6b) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/19 12:22:27.0717 4004 NetBT (c181e1f7a2a251b7af6352dcbd8457f3) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/19 12:22:28.0237 4004 Npfs (20c123afc574abf76ba35d39c26ae6df) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/19 12:22:29.0099 4004 Ntfs (34a993d7e519364f5d548b5726917753) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/19 12:22:29.0940 4004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/19 12:22:30.0991 4004 nv (5787dd363c4edf625b0f3f1fe3cae213) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/19 12:22:32.0033 4004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/19 12:22:32.0413 4004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/19 12:22:32.0824 4004 Parport (10572a94d8978619ce4845fe8595c9a5) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/19 12:22:33.0355 4004 PartMgr (67075da61516adedd710a9da6c6c8acb) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/19 12:22:33.0745 4004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/19 12:22:34.0276 4004 PCI (f3cebed46dc3a7f1758745c1d1fa5fcf) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/19 12:22:35.0317 4004 Pcmcia (1ec157cb90d06455d67c007ada4973ac) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/02/19 12:22:37.0831 4004 PptpMiniport (87d6a848dc367056778168d40a6f1a70) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/19 12:22:38.0212 4004 Processor (7169253efd25e3213c432f59350f16a8) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/19 12:22:38.0772 4004 PSched (8dc29e493cce832784a60bf7c120f132) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/19 12:22:39.0153 4004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/19 12:22:39.0514 4004 PxHelp20 (42d4c34300405d9f377e55f5ddadd720) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/02/19 12:22:41.0587 4004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/19 12:22:42.0097 4004 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/02/19 12:22:42.0498 4004 Rasl2tp (dbc6aeda3111edaf60948fc063565006) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/19 12:22:43.0149 4004 RasPppoe (96467fc3e135f0b174b8978bd8ce69f9) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/19 12:22:43.0509 4004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/19 12:22:44.0110 4004 Rdbss (1116a775bfa71f2c13f3d420da455ff2) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/19 12:22:44.0541 4004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/19 12:22:45.0212 4004 RDPWD (0cd1bda7f6848e4de4eed3d36874ffb5) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/19 12:22:45.0662 4004 redbook (11540f52cbc8a4c97467579bbf7ffae2) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/19 12:22:46.0333 4004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/19 12:22:46.0734 4004 Serial (471168d4b9adfd1f9e692f8779455188) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/19 12:22:47.0355 4004 Sfloppy (dc495a349dfd94fbfe4cf0689ed647b2) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/19 12:22:48.0046 4004 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/02/19 12:22:48.0917 4004 splitter (e477a633ea2d387788879a30666e5998) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/19 12:22:49.0478 4004 sr (8ec0ec1508d5c0dc9f0a46b264b41bff) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/02/19 12:22:50.0019 4004 Srv (388a576b405fd4c8a4886aa872e8e0f1) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/19 12:22:50.0730 4004 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/19 12:22:51.0120 4004 swenum (a5491f57e70167a10ed40e19d36edd13) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/19 12:22:51.0661 4004 swmidi (5f8ab2829c52609e03560725eaf167f9) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/19 12:22:54.0034 4004 sysaudio (feaee2df25f435c153756707321bbf46) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/19 12:22:54.0595 4004 Tcpip (19ebda988da80f133dc9e28a50f606e8) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/19 12:22:55.0286 4004 TDPIPE (76afdfea26d4cb16e81fa32a22c34376) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/19 12:22:55.0667 4004 TDTCP (2fc82251c9e895aa48624ebe05e5774e) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/19 12:22:56.0198 4004 TermDD (4e55b6f75ad92f13d6abbf8d767cbcec) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/19 12:22:56.0899 4004 TVALD (20b6be2a69c7547a09f67c3e67a2bdd5) C:\WINDOWS\system32\DRIVERS\TVALD.SYS
2011/02/19 12:22:57.0429 4004 TVALG (80ebc386bd6f71e0b352c956492fd5bd) C:\WINDOWS\system32\DRIVERS\TVALG.SYS
2011/02/19 12:22:57.0850 4004 Udfs (90374e55f93f2883377902cb9cbfc6db) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/19 12:22:58.0781 4004 Update (415c2a770f4b6932308f9de7b19b3139) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/19 12:22:59.0532 4004 usbccgp (9a0a8be756bd7a9bad4a3d0e9fa7bd79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/19 12:22:59.0943 4004 usbhub (8167383fe00199108f63269c2b8a99e1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/19 12:23:00.0293 4004 usbprint (14caa438f4ebd12dbd43db0273bc0fdc) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/19 12:23:00.0864 4004 usbscan (5be9c3f196c607aaa072ed660f9c0423) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/19 12:23:01.0245 4004 USBSTOR (e3eef7ae5105a9f99b1807031edb4171) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/19 12:23:01.0786 4004 usbuhci (b02addb9a345cbae360a29b2865c36a1) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/19 12:23:02.0146 4004 VgaSave (cc1f0dd100f577e9b029547fee285813) C:\WINDOWS\System32\drivers\vga.sys
2011/02/19 12:23:02.0947 4004 VolSnap (2abf037f9d447424b58d73706b55b762) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/19 12:23:03.0388 4004 Wanarp (8794191476e6b93161baaa136e309454) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/19 12:23:04.0099 4004 wdmaud (cf66393a0b2e361503bf381ac013b34a) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/19 12:23:04.0540 4004 WDM_YAMAHAAC97 (dce25235272a28ed34780ac4c848fc3f) C:\WINDOWS\system32\drivers\yacxgc.sys
2011/02/19 12:23:05.0170 4004 wlluc48 (dca17912a1926ae427537648fc0e74d5) C:\WINDOWS\system32\DRIVERS\wlluc48.sys
2011/02/19 12:23:05.0711 4004 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/19 12:23:06.0162 4004 ================================================================================
2011/02/19 12:23:06.0162 4004 Scan finished
2011/02/19 12:23:06.0162 4004 ================================================================================

Back to top

#4 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 19 February 2011 - 07:07 PM

This one looks fine.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Back to top

#5 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 19 February 2011 - 07:58 PM

Thanks again Broni, here's the report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3, v.3264)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF9D5000 C:\WINDOWS\System32\nv4_disp.dll 3891200 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.91 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2188928 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2188928 bytes
0x804D7000 RAW 2188928 bytes
0x804D7000 WMIxWDM 2188928 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7C8B000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1306624 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.91 )
0xF7A8A000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1134592 bytes (Agere Systems, SoftModem Device Driver)
0xF83FC000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5EE7000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6034000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF7A09000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEF0B7000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEEB9E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF60C0000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xF7BC3000 C:\WINDOWS\system32\drivers\yacxgc.sys 204800 bytes (YAMAHA CORPORATION, YAMAHA AC-XG WDM)
0xF8526000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEF20B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF83B9000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xED912000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5F97000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF600C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7C2C000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF5A4E000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF5EC1000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7B9F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7C53000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7BF5000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5FC2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF84A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF84F7000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF839F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF84C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF0C5F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8489000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7A73000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF83E6000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xEF54B000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xEF629000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEF356000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7C18000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7C77000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF608D000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xEF109000 C:\WINDOWS\System32\Drivers\LxrJD31d.sys 73728 bytes
0xF8515000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7A62000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79C9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF86F5000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF86D5000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 61440 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF8715000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8705000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEF403000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF87C5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF85B5000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF86C5000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8725000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8595000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8745000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF85C5000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF86A5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF86E5000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8585000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8735000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8575000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8795000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8765000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF85A5000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86B5000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8755000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8645000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEEE57000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79F9000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8855000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF88C5000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF884D000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF87F5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF88CD000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xF883D000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8845000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88D5000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF8835000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF88B5000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88BD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87FD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8865000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF885D000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF886D000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8805000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF889D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF898D000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8A71000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF836F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEF642000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8991000 PxHelp20.sys 16384 bytes (VERITAS Software, Inc., PxHelper Device Driver for Windows 2000)
0xF8985000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8989000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF78A0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF837B000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7DDA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7DCA000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF8A8F000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF8AE3000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8AC9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B2B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8AC7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8AA5000 C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS 8192 bytes
0xF8A79000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A75000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8ACB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A89000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8ACD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AAB000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A7D000 TVALD.SYS 8192 bytes (Toshiba Corporation, Toshiba ACPI-Based Value Added Logical Device Driver)
0xF8A7B000 TVALG.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA Value Added Logical and General Purpose Device Driver)
0xF8AB7000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A77000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C50000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B7D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8CC1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [e100bnt5.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [LCCFLTR.SYS]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [wlluc48.sys]
WARNING: Virus alike driver modification [hphipr11.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [hphius11.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [LHidFlt2.Sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [MrtRate.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [smcirda.sys]
WARNING: Virus alike driver modification [LHidUsb.sys]
WARNING: Virus alike driver modification [hphs2k11.sys]
WARNING: Virus alike driver modification [hphid411.sys]
WARNING: Virus alike driver modification [hpzid412.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [TVALD.SYS]
WARNING: Virus alike driver modification [L8042PR2.SYS]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [TVALG.SYS]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [LMouFlt2.Sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [ac97intc.sys]

Back to top

#6 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 19 February 2011 - 08:01 PM

Hmmmm, for some reason it did not copy the last line ,

>!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Back to top

#7 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 19 February 2011 - 08:32 PM

Update Malwarebytes, run it and post fresh log.

================================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Back to top

#8 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 01:34 AM

Hi Broni,

MBRCheck went well, but Combofix is giving a problem. The first try it updated then began to run, created a restore point , then began a scan, after 2 min. the scan stopped with no HDD activity for 45min. , just a blinking curser. I had to power off. I then tried Safe Mode, but now Combofix says AntiVir Desktop is running. I checked Task Manager and Services.msc and AntiVir is not running. Tried a new copy of Combofix and ran rkill , same result...AntiVir Desktop is running. Continuing the scans produces the same results as before. Im not sure how AntiVir could still be running. I could uninstall both AntiVir and Comodo FW if you like, the laptop is behind a router, so it should safe for what we need to do.

Here are the MBRCheck and Rkill logs :

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3, v.3264 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8A75000 \WINDOWS\system32\KDCOM.DLL
0xF8985000 \WINDOWS\system32\BOOTVID.dll
0xF8526000 ACPI.sys
0xF8A77000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8515000 pci.sys
0xF8575000 isapnp.sys
0xF8989000 compbatt.sys
0xF898D000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8A79000 intelide.sys
0xF87F5000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF84F7000 pcmcia.sys
0xF8585000 MountMgr.sys
0xF84D8000 ftdisk.sys
0xF87FD000 PartMgr.sys
0xF8595000 VolSnap.sys
0xF84C0000 atapi.sys
0xF85A5000 disk.sys
0xF85B5000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF84A0000 fltmgr.sys
0xF8991000 PxHelp20.sys
0xF8489000 KSecDD.sys
0xF83FC000 Ntfs.sys
0xF83E6000 inspect.sys
0xF83B9000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF8805000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF8A7B000 TVALG.SYS
0xF8A7D000 TVALD.SYS
0xF839F000 Mup.sys
0xF85C5000 agp440.sys
0xF86B5000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7C8B000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF7C77000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8835000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7C53000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7C2C000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF86C5000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF883D000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF86D5000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF8845000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7C18000 \SystemRoot\System32\DRIVERS\parport.sys
0xF86E5000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF884D000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF86F5000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8705000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7BF5000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7BC3000 \SystemRoot\system32\drivers\yacxgc.sys
0xF7B9F000 \SystemRoot\system32\drivers\portcls.sys
0xF8715000 \SystemRoot\system32\drivers\drmk.sys
0xF7A8A000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF8855000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8A71000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8C50000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF885D000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF8725000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF837B000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7A73000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8735000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8745000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7A62000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8755000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8865000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF886D000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8765000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8AAB000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7A09000 \SystemRoot\System32\DRIVERS\update.sys
0xF836F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8795000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF87C5000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8AB7000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF60C0000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xF8AC7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8CC1000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AC9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88B5000 \SystemRoot\System32\drivers\vga.sys
0xF8ACB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8ACD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88BD000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88C5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7DDA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF608D000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF6034000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF88CD000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xF600C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF7DCA000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF5FC2000 \SystemRoot\System32\drivers\afd.sys
0xF8645000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF88D5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5F97000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF5EE7000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF86A5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5EC1000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF79F9000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF5A4E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF8AE3000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF79C9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF0C5F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B2B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF78A0000 \SystemRoot\System32\drivers\Dxapi.sys
0xF889D000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xF8B7D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF629000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xEF54B000 \SystemRoot\System32\DRIVERS\irda.sys
0xEF642000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEF356000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF403000 \SystemRoot\system32\drivers\sysaudio.sys
0xEF20B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8A89000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF8A8F000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEF109000 \??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys
0xEF0B7000 \SystemRoot\System32\DRIVERS\srv.sys
0xEEB9E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8AA5000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xED006000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
624 C:\WINDOWS\system32\smss.exe
672 csrss.exe
696 C:\WINDOWS\system32\winlogon.exe
740 C:\WINDOWS\system32\services.exe
752 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
988 svchost.exe
1080 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1156 C:\WINDOWS\system32\svchost.exe
1308 svchost.exe
1424 svchost.exe
1668 C:\WINDOWS\system32\brsvc01a.exe
1868 C:\WINDOWS\system32\spoolsv.exe
1904 C:\WINDOWS\explorer.exe
1916 C:\WINDOWS\system32\brss01a.exe
2016 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1272 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1344 C:\WINDOWS\system32\LxrJD31s.exe
1360 C:\WINDOWS\system32\nvsvc32.exe
1528 C:\WINDOWS\system32\svchost.exe
420 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
124 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
820 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1064 C:\WINDOWS\system32\ctfmon.exe
2784 alg.exe
2580 C:\Documents and Settings\xp\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2018GAS, Rev: Q2.03 E

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

=================================================================================================================
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/19/2011 at 19:01:30.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 02/19/2011 at 19:01:35.

Back to top

#9 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 04:41 AM

When in safe mode ignore any Combofix warnings and run it anyway.

Back to top

#10 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 06:10 AM

Ok, be back in the mornin with the results.

Back to top

#11 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 06:12 AM

No problem :)

Back to top

#12 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 02:51 PM

Top of the morning, Broni !
Humidity and temps are up today here in Corpus Christi. I hope there is a breeze...

Well, I let it run all night hoping I'd see some results, but alas it's a no go. Same results as before, Combofix says it's scanning for an infection.. after a few minutes of HDD activity ..lots of crunching going on.. then a sudden stop.. blinking curser.. I found it the same way this morning. Any action from me and it locks up, and I need to power off. If I was a guessing man, I'd say it happens when it runs Catchme, since Gmer symptoms are the same.

Pc still seems to be running fine, no unusual activity.

If you have the time, could I ask you to shed some light on the many entries from RkU's Stealth section : "WARNING: Virus alike driver modification" ?

Back to top

#13 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 04:03 PM

Well, this is what we're trying to fond out.

Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select Extract All...
- Follow the prompts and extract the avenger folder to your desktop

Double click on avenger.exe.
Click OK in pop-up window.

Avenger window will open.

Click on Execute button.
Click OK in two consecutive pop-up windows.

Your computer will re-boot now.

Upon re-boot, Notepad window will open.
Select all text, copy it, and paste it into next reply.

NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.

Back to top

#14 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 04:39 PM

Hmmm, indeed. Avenger ran without issues..

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Back to top

#15 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 04:41 PM

I'll be leaving for church, so I'll leave you with some "homework" :)

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Back to top

#16 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 07:03 PM

The scan went fine. Eset says No Threats Found! , and there was no report to export.

Back to top

#17 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 07:16 PM

Very well....

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
ac97intc.sys
mcd.sys
LMouFlt2.Sys
nwlnknb.sys
TVALG.SYS
rootmdm.sys
dmload.sys
vdmindvd.sys
nwlnkspx.sys
L8042PR2.SYS
TVALD.SYS
tosdvd.sys
hpzid412.sys
hphid411.sys
hphs2k11.sys
LHidUsb.sys
smcirda.sys
atmuni.sys
MrtRate.sys
rawwan.sys
ipfltdrv.sys
nwlnkfwd.sys
atmepvc.sys
cinemst2.sys
LHidFlt2.Sys
HPZius12.sys
tsbvcap.sys
hphius11.sys
HPZipr12.sys
pxhelp20.sys
hphipr11.sys
wlluc48.sys
smclib.sys
LCCFLTR.SYS
cbidf2k.sys
ftdisk.sys
nwlnkflt.sys
e100bnt5.sys
mouhid.sys
fsvga.sys
riodrv.sys
rio8drv.sys
nikedrv.sys
cpqdap01.sys
acpiec.sys
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Back to top

#18 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 20 February 2011 - 09:03 PM

Thanx again, Broni.

Here are the 2 logs..

OTL logfile created on: 2/20/2011 2:37:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\xp\Desktop
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 50.00% Memory free
866.00 Mb Paging File | 599.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 11.23 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/20 14:33:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xp\Desktop\OTL.exe
PRC - [2011/02/10 21:59:38 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/01/20 10:42:06 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/12/01 00:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/04/11 18:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/12 18:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe

========== Modules (SafeList) ==========

MOD - [2011/02/20 14:33:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xp\Desktop\OTL.exe
MOD - [2011/02/10 22:00:58 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/10 21:59:38 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/01/20 10:42:06 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2003/05/14 06:45:04 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/11/22 13:49:22 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2002/04/11 18:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV - [2011/02/10 22:00:57 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/02/10 22:00:56 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/02/10 22:00:55 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/20 10:42:06 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2004/06/11 23:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/09 22:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 15:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/10/17 16:02:00 | 001,371,740 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/10/17 14:04:08 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/03/04 03:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 03:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/03/04 03:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2002/11/22 13:49:22 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/11/22 13:49:22 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/11/22 13:49:22 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2002/08/29 00:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2002/08/12 20:45:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/07/24 17:42:34 | 000,202,880 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/06/21 12:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 05:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2001/09/13 20:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/08/17 15:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
DRV - [2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 8C BC 27 3D D1 CB 01 [binary data]
IE - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2001/08/18 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-1974565712-3207847200-3536274614-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.90.130.101 216.82.201.11
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/20 14:33:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xp\Desktop\OTL.exe
[2011/02/20 10:26:14 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/02/20 10:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Desktop\avenger
[2011/02/19 23:10:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/19 23:10:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/19 23:10:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/19 23:10:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/19 23:10:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/19 19:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/19 12:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Desktop\tdsskiller
[2011/02/15 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/15 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/02/15 17:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/02/15 17:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/13 13:36:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/13 13:13:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/13 13:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/02/13 13:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/02/10 22:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/02/10 19:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Start Menu\Programs\Revo Uninstaller
[2011/02/10 19:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/02/08 16:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Application Data\Avira
[2011/02/07 23:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/02/07 23:07:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/02/07 23:06:52 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/02/07 23:06:52 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/02/07 23:06:52 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/02/07 23:06:52 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/02/07 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/07 23:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/02/06 16:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Desktop\applications
[2011/02/06 15:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/02/06 15:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/02/06 15:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/02/05 14:43:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\xp\PrivacIE
[2011/02/05 14:36:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\xp\IETldCache
[2011/02/05 14:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/02/05 14:30:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/05 14:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/04 22:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/02/04 22:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/04 21:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/02/04 21:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/02/04 21:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/04 21:53:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/04 21:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/02/04 21:42:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/04 21:33:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/04 19:27:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/02/04 19:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Desktop\Logs
[2011/02/04 18:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xp\Application Data\Malwarebytes
[2011/02/04 18:53:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/04 18:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/04 18:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/04 18:53:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/04 18:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/02/20 14:33:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xp\Desktop\OTL.exe
[2011/02/20 10:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/20 10:27:42 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 10:22:34 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\avenger.zip
[2011/02/19 19:36:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/02/19 18:52:26 | 000,721,253 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\rkill.com
[2011/02/19 18:52:05 | 004,271,240 | R--- | M] () -- C:\Documents and Settings\xp\Desktop\ComboFix.exe
[2011/02/19 17:15:59 | 000,006,214 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\combofix.doc
[2011/02/19 16:49:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\MBRCheck.exe
[2011/02/19 13:49:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\RKUnhookerLE.EXE
[2011/02/19 12:19:39 | 001,246,857 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\tdsskiller.zip
[2011/02/18 22:33:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/15 17:18:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/15 17:18:32 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/02/10 22:00:58 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/02/10 22:00:57 | 000,094,784 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/02/10 22:00:56 | 000,027,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/02/10 22:00:56 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/02/10 22:00:55 | 000,239,368 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/02/10 20:04:25 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 19:37:11 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\Revo Uninstaller.lnk
[2011/02/08 18:57:38 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\xp\ponentially
[2011/02/07 23:07:46 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/02/07 21:53:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/02/06 15:28:42 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/02/06 12:22:00 | 000,381,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/06 12:22:00 | 000,053,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/06 11:49:48 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/02/06 11:44:49 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/02/05 14:36:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/05 14:33:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/04 22:38:14 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/04 22:38:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/04 22:21:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

========== Files Created - No Company Name ==========

[2011/02/20 10:22:30 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\avenger.zip
[2011/02/20 10:15:17 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 23:10:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/19 23:10:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/19 23:10:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/19 23:10:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/19 23:10:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/19 18:52:24 | 000,721,253 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\rkill.com
[2011/02/19 18:51:51 | 004,271,240 | R--- | C] () -- C:\Documents and Settings\xp\Desktop\ComboFix.exe
[2011/02/19 17:15:41 | 000,006,214 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\combofix.doc
[2011/02/19 16:49:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\MBRCheck.exe
[2011/02/19 13:49:23 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\RKUnhookerLE.EXE
[2011/02/19 12:19:33 | 001,246,857 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\tdsskiller.zip
[2011/02/15 17:18:32 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/02/15 17:09:07 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/13 13:14:19 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2011/02/13 13:14:12 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2011/02/10 19:37:11 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\xp\Desktop\Revo Uninstaller.lnk
[2011/02/08 18:57:38 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\xp\ponentially
[2011/02/07 23:07:46 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/02/06 15:28:42 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/02/06 11:49:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/02/06 11:44:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/02/04 22:20:34 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\xp\Start Menu\Programs\Internet Explorer
[2011/02/04 22:20:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/04 22:19:23 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/04 21:54:38 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/02/04 21:54:38 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/02/04 21:54:38 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/02/04 21:54:38 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/02/04 21:54:38 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/02/04 21:54:38 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/02/04 21:54:37 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/02/04 21:54:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/02/04 21:54:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/02/04 21:54:37 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/02/04 21:54:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/02/04 21:54:35 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/02/04 21:54:35 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/02/04 21:54:34 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/02/04 21:54:34 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/02/04 21:54:34 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/02/04 21:54:33 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/02/04 21:54:33 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/02/04 21:54:33 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/02/04 21:54:33 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/02/04 21:54:33 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/02/04 21:54:33 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/02/04 21:54:33 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/02/04 21:54:33 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/02/04 21:54:33 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/02/04 21:54:33 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/02/04 21:54:33 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/02/04 21:54:33 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/02/04 21:54:32 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/02/04 21:54:32 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/02/04 21:54:32 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/02/04 21:54:32 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/02/04 21:54:32 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/02/04 21:54:32 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/02/04 21:54:32 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/02/04 21:54:32 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/02/04 21:54:32 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/02/04 21:54:32 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/02/04 21:54:32 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/02/04 21:54:32 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/02/04 21:54:32 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/02/04 21:54:32 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/02/04 21:54:31 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/02/04 21:54:31 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/02/04 21:54:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/02/04 21:54:31 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/02/04 21:54:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/02/04 21:54:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/02/04 21:54:31 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/02/04 21:54:31 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/02/04 21:54:31 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/02/04 21:54:31 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/02/04 21:54:31 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/02/04 21:54:31 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/02/04 21:54:31 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/02/04 21:54:31 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/02/04 21:54:31 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/02/04 21:54:31 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/02/04 21:54:31 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/02/04 21:54:31 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/02/04 21:54:31 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/02/04 21:54:30 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/02/04 21:54:30 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/02/04 21:54:30 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/02/04 21:54:30 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/02/04 21:54:29 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/02/04 21:54:29 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/02/04 21:54:29 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/02/04 21:54:29 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/02/04 21:54:29 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/02/04 21:54:29 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/02/04 21:54:28 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/02/04 21:54:28 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/02/04 21:54:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/02/04 21:54:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/02/04 21:54:28 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/02/04 21:54:28 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/02/04 21:54:28 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/02/04 21:53:27 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2011/02/04 21:46:41 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/02/04 21:42:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/02/04 21:42:26 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/02/04 18:53:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/04 18:53:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 10:42:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2011/01/20 10:42:06 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2011/01/20 10:42:06 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2011/01/20 10:42:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2010/03/07 04:31:22 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/01/04 07:27:13 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/01/04 07:27:13 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/04 07:27:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2004/11/26 21:02:18 | 000,000,989 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/07 20:20:58 | 000,000,350 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2004/08/07 20:01:19 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2004/03/04 13:29:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/03/04 09:30:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/01/25 12:09:43 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/04 14:26:31 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\xp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/05 20:57:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/03/02 15:14:57 | 000,000,399 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2002/11/22 13:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/08/13 16:19:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/12 20:54:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/12 20:44:43 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/12 20:44:43 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/12 20:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/12 20:38:29 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/12 20:35:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/12 20:32:39 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/12 20:32:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/12 20:32:39 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/12 20:32:39 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/12 20:27:27 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/12 20:05:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/12 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/12 19:40:22 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/12 12:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.TOSHIBA-USER\Application Data\Drag'n Drop CD
[2002/08/12 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.TOSHIBA-USER\Application Data\InterTrust
[2004/03/06 21:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/09/13 12:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/02/15 17:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2004/03/06 21:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD
[2002/08/12 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Drag'n Drop CD
[2002/08/12 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterTrust
[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Drag'n Drop CD
[2002/08/12 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xp\Application Data\Drag'n Drop CD
[2002/08/12 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xp\Application Data\InterTrust
[2003/03/29 20:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xp\Application Data\InterVideo
[2003/04/09 20:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xp\Application Data\Template

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/02/20 10:26:14 | 000,000,886 | ---- | M] () -- C:\avenger.txt
[2011/02/07 21:53:12 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/02/19 19:36:54 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008/04/13 22:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
[2011/02/20 10:27:42 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/11 17:56:55 | 000,004,887 | ---- | M] () -- C:\hpcmerr.log
[2004/03/04 14:49:19 | 000,000,526 | ---- | M] () -- C:\hpfr5550.xml
[2004/03/04 14:50:27 | 000,002,112 | ---- | M] () -- C:\hph7150.log
[2003/12/26 12:53:51 | 000,000,000 | -H-- | M] () -- C:\hpothb07.dat
[2003/12/26 12:53:51 | 000,000,000 | -H-- | M] () -- C:\hpothb07.tif
[2002/08/12 20:05:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/08/12 20:46:09 | 000,000,283 | -H-- | M] () -- C:\IPH.PH
[2009/12/25 07:52:46 | 000,000,501 | ---- | M] () -- C:\LOG1.log
[2011/01/19 19:54:48 | 000,000,475 | ---- | M] () -- C:\LOG2.log
[2009/12/25 08:02:05 | 000,000,475 | ---- | M] () -- C:\LOG3.log
[2002/08/12 20:05:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 20:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 22:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/20 10:27:35 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2011/02/19 19:01:44 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/02/19 12:47:19 | 000,039,452 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_19.02.2011_12.21.07_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2002/08/12 20:04:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/08 18:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2002/08/12 12:53:08 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/08/12 12:53:08 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/08/12 12:53:08 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/02/04 21:55:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/02/04 22:21:00 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/02/17 06:05:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\xp\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/02/19 18:52:05 | 004,271,240 | R--- | M] () -- C:\Documents and Settings\xp\Desktop\ComboFix.exe
[2011/02/19 16:49:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\MBRCheck.exe
[2011/02/20 14:33:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xp\Desktop\OTL.exe
[2011/02/19 13:49:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\xp\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2001/08/18 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2001/11/16 15:07:30 | 000,119,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100b325.sys
[2001/11/16 15:07:36 | 000,123,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100bnt5.sys
[2001/12/04 17:18:16 | 000,033,070 | ---- | M] () -- C:\WINDOWS\Driver Cache\E100bW2k.CAT
[2003/01/18 22:36:20 | 000,028,840 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
[2001/07/20 07:40:28 | 000,023,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\intelnic.dll
[2001/06/29 17:53:12 | 000,002,983 | ---- | M] () -- C:\WINDOWS\Driver Cache\Net82557.din
[2001/11/28 12:51:58 | 000,098,801 | ---- | M] () -- C:\WINDOWS\Driver Cache\Neti557x.inf
[2002/08/12 20:31:27 | 000,104,572 | ---- | M] () -- C:\WINDOWS\Driver Cache\neti557x.PNF
[2001/05/24 10:01:18 | 000,053,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\PROUnstl.exe
[2001/12/19 17:45:54 | 000,003,455 | ---- | M] () -- C:\WINDOWS\Driver Cache\README.TXT
[2001/12/19 17:49:06 | 000,147,456 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\Driver Cache\WALUC48.DLL
[2000/05/03 14:17:52 | 000,272,491 | ---- | M] (Wilson WindowWare, Inc.) -- C:\WINDOWS\Driver Cache\WBDBV32I.DLL
[2001/12/19 17:48:40 | 000,069,632 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\Driver Cache\WCLUC48.EXE
[2002/05/09 14:46:20 | 000,378,519 | ---- | M] () -- C:\WINDOWS\Driver Cache\wifi.exe
[2002/01/10 17:49:42 | 000,012,046 | ---- | M] () -- C:\WINDOWS\Driver Cache\wlluc48.cat
[2001/12/19 17:45:56 | 000,013,149 | ---- | M] () -- C:\WINDOWS\Driver Cache\WLLUC48.INF
[2003/01/18 22:36:20 | 000,024,532 | ---- | M] () -- C:\WINDOWS\Driver Cache\WLLUC48.PNF
[2001/12/19 17:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\Driver Cache\WLLUC48.SYS

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/04 22:21:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\xp\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/02/20 14:31:27 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\xp\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/12/01 00:26:54 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2007/12/01 00:25:32 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/02/07 15:10:20 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/02/07 15:09:54 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/02/07 15:09:54 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/02/07 15:10:20 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2007/12/01 00:25:46 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2007/11/30 16:41:24 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2007/12/01 00:26:40 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/29 05:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/02/07 15:09:42 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/02/07 15:09:42 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/02/07 15:09:42 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/02/07 15:10:02 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-05 01:27:56

< MD5 for: AC97INTC.SYS >
[2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\dllcache\ac97intc.sys
[2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\drivers\ac97intc.sys
[2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\ac97intc.sys

< MD5 for: ACPIEC.SYS >
[2001/08/18 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\dllcache\acpiec.sys
[2001/08/18 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\drivers\acpiec.sys

< MD5 for: ATMEPVC.SYS >
[2001/08/18 06:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\dllcache\atmepvc.sys
[2001/08/18 06:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys

< MD5 for: ATMUNI.SYS >
[2001/08/18 06:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\dllcache\atmuni.sys
[2001/08/18 06:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys

< MD5 for: CBIDF2K.SYS >
[2001/08/18 06:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\dllcache\cbidf2k.sys
[2001/08/18 06:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys

< MD5 for: CINEMST2.SYS >
[2001/08/18 06:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=B562592B7F5759C99E179CA467ECFB4C -- C:\WINDOWS\system32\dllcache\cinemst2.sys
[2001/08/18 06:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=B562592B7F5759C99E179CA467ECFB4C -- C:\WINDOWS\system32\drivers\cinemst2.sys

< MD5 for: CPQDAP01.SYS >
[2001/08/18 06:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\dllcache\cpqdap01.sys
[2001/08/18 06:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys

< MD5 for: DMLOAD.SYS >
[2001/08/18 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\dllcache\dmload.sys
[2001/08/18 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys

< MD5 for: E100BNT5.SYS >
[2001/11/16 15:07:36 | 000,123,152 | ---- | M] (Intel Corporation) MD5=809C53946BD6EC9F20CBBC8EBA2FB161 -- C:\WINDOWS\Driver Cache\e100bnt5.sys
[2001/11/16 15:07:36 | 000,123,152 | ---- | M] (Intel Corporation) MD5=809C53946BD6EC9F20CBBC8EBA2FB161 -- C:\WINDOWS\system32\drivers\e100bnt5.sys
[2001/11/16 15:07:36 | 000,123,152 | ---- | M] (Intel Corporation) MD5=809C53946BD6EC9F20CBBC8EBA2FB161 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\e100bnt5.sys

< MD5 for: FSVGA.SYS >
[2001/08/18 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\dllcache\fsvga.sys
[2001/08/18 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\drivers\fsvga.sys

< MD5 for: FTDISK.SYS >
[2001/08/18 06:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) MD5=6AC26732762483366C3969C9E4D2259D -- C:\WINDOWS\system32\dllcache\ftdisk.sys
[2001/08/18 06:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) MD5=6AC26732762483366C3969C9E4D2259D -- C:\WINDOWS\system32\drivers\ftdisk.sys

< MD5 for: HPHID411.SYS >
[2002/11/22 13:49:22 | 000,050,896 | ---- | M] (HP) MD5=A93AE4414505A8095EC4820C4312B5DF -- C:\Program Files\HP Photosmart 11\hphinstall\w2kio\HPHid411.sys
[2002/11/22 13:49:22 | 000,050,896 | ---- | M] (HP) MD5=A93AE4414505A8095EC4820C4312B5DF -- C:\WINDOWS\system32\drivers\hphid411.sys

< MD5 for: HPHIPR11.SYS >
[2002/11/22 13:49:22 | 000,016,112 | ---- | M] (HP) MD5=4F8681519EA48757148895811F2AA051 -- C:\Program Files\HP Photosmart 11\hphinstall\w2kio\HPHipr11.sys
[2002/11/22 13:49:22 | 000,016,112 | ---- | M] (HP) MD5=4F8681519EA48757148895811F2AA051 -- C:\WINDOWS\system32\drivers\hphipr11.sys

< MD5 for: HPHIUS11.SYS >
[2002/11/22 13:49:22 | 000,018,928 | ---- | M] (HP) MD5=C6608B2AFB2567F0FA6B4BD8837F1660 -- C:\Program Files\HP Photosmart 11\hphinstall\w2kio\HPHius11.sys
[2002/11/22 13:49:22 | 000,018,928 | ---- | M] (HP) MD5=C6608B2AFB2567F0FA6B4BD8837F1660 -- C:\WINDOWS\system32\drivers\hphius11.sys

< MD5 for: HPHS2K11.SYS >
[2002/11/22 13:49:22 | 000,050,276 | ---- | M] (Hewlett-Packard) MD5=DF0A7516E9F803C1C64796B81605495C -- C:\Program Files\HP Photosmart 11\hphinstall\w2kio\HPHs2k11.sys
[2002/11/22 13:49:22 | 000,050,276 | ---- | M] (Hewlett-Packard) MD5=DF0A7516E9F803C1C64796B81605495C -- C:\WINDOWS\system32\drivers\hphs2k11.sys

< MD5 for: HPZID412.SYS >
[2003/05/14 06:19:52 | 000,051,056 | R--- | M] (HP) MD5=287A63BD8509BD78E7978823B38AFA81 -- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\drivers\dot4\win2000\hpzid412.sys
[2003/05/14 06:19:52 | 000,051,056 | ---- | M] (HP) MD5=287A63BD8509BD78E7978823B38AFA81 -- C:\WINDOWS\system32\drivers\hpzid412.sys

< MD5 for: HPZIPR12.SYS >
[2003/05/14 06:19:54 | 000,016,496 | R--- | M] (HP) MD5=0B4FDA2657C3E0315EAA57F9C6D4FD1F -- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\drivers\dot4\win2000\hpzipr12.sys
[2003/05/14 06:19:54 | 000,016,496 | ---- | M] (HP) MD5=0B4FDA2657C3E0315EAA57F9C6D4FD1F -- C:\WINDOWS\system32\drivers\HPZipr12.sys

< MD5 for: HPZIUS12.SYS >
[2003/05/14 06:17:54 | 000,021,488 | R--- | M] (HP) MD5=29559DB25258B60510A60C4E470FCE32 -- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\drivers\dot4\win2000\hpzius12.sys
[2003/05/14 06:17:54 | 000,021,488 | ---- | M] (HP) MD5=29559DB25258B60510A60C4E470FCE32 -- C:\WINDOWS\system32\drivers\HPZius12.sys

< MD5 for: IPFLTDRV.SYS >
[2001/08/18 06:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=731F22BA402EE4B62748ADAF6363C182 -- C:\WINDOWS\system32\dllcache\ipfltdrv.sys
[2001/08/18 06:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=731F22BA402EE4B62748ADAF6363C182 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys

< MD5 for: L8042PR2.SYS >
[2003/03/04 03:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) MD5=A006D66EDB128FB9AB940A903FDF792E -- C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\L8042PR2.SYS
[2003/03/04 03:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) MD5=A006D66EDB128FB9AB940A903FDF792E -- C:\WINDOWS\system32\drivers\L8042PR2.SYS

< MD5 for: LCCFLTR.SYS >
[2003/03/04 03:50:00 | 000,014,348 | ---- | M] (Logitech, Inc.) MD5=DCCE5CDF9680E2698137AE2B8ADD4E57 -- C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\LCCFLTR.SYS
[2003/03/04 03:50:00 | 000,014,348 | ---- | M] (Logitech, Inc.) MD5=DCCE5CDF9680E2698137AE2B8ADD4E57 -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS

< MD5 for: LHIDFLT2.SYS >
[2003/03/04 03:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) MD5=63B00A26F62572E0D58E6C8D3B32BF59 -- C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\LHIDFLT2.SYS
[2003/03/04 03:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) MD5=63B00A26F62572E0D58E6C8D3B32BF59 -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys

< MD5 for: LHIDUSB.SYS >
[2003/03/04 03:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) MD5=AC05A1B5C66D693B1598FD83617D1820 -- C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\LHIDUSB.SYS
[2003/03/04 03:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) MD5=AC05A1B5C66D693B1598FD83617D1820 -- C:\WINDOWS\system32\drivers\LHidUsb.sys

< MD5 for: LMOUFLT2.SYS >
[2003/03/04 03:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) MD5=03ABEF1A29ADDC98C32ED0F336B98E90 -- C:\Program Files\Logitech\MouseWare\Drivers\Win2k_XP\lmouflt2.sys
[2003/03/04 03:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) MD5=03ABEF1A29ADDC98C32ED0F336B98E90 -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys

< MD5 for: MCD.SYS >
[2001/08/18 06:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D1F8BE91ED4DDB671D42E473E3FE71AB -- C:\WINDOWS\system32\dllcache\mcd.sys
[2001/08/18 06:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D1F8BE91ED4DDB671D42E473E3FE71AB -- C:\WINDOWS\system32\drivers\mcd.sys

< MD5 for: MOUHID.SYS >
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=B1C303E17FB9D46E87A98E4BA6769685 -- C:\WINDOWS\system32\dllcache\mouhid.sys
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=B1C303E17FB9D46E87A98E4BA6769685 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=B1C303E17FB9D46E87A98E4BA6769685 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\mouhid.sys

< MD5 for: MRTRATE.SYS >
[2000/05/31 15:20:34 | 000,034,712 | ---- | M] (Marimba, Inc.) MD5=770FC1D07B3C4EA960D52067A0740B09 -- C:\WINDOWS\system32\drivers\MrtRate.sys

< MD5 for: NIKEDRV.SYS >
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=BE984D604D91C217355CDD3737AAD25D -- C:\WINDOWS\system32\dllcache\nikedrv.sys
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=BE984D604D91C217355CDD3737AAD25D -- C:\WINDOWS\system32\drivers\nikedrv.sys

< MD5 for: NWLNKFLT.SYS >
[2001/08/18 06:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) MD5=B305F3FAD35083837EF46A0BBCE2FC57 -- C:\WINDOWS\system32\dllcache\nwlnkflt.sys
[2001/08/18 06:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) MD5=B305F3FAD35083837EF46A0BBCE2FC57 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys

< MD5 for: NWLNKFWD.SYS >
[2001/08/18 06:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) MD5=C99B3415198D1AAB7227F2C88FD664B9 -- C:\WINDOWS\system32\dllcache\nwlnkfwd.sys
[2001/08/18 06:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) MD5=C99B3415198D1AAB7227F2C88FD664B9 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys

< MD5 for: NWLNKNB.SYS >
[2001/08/18 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\dllcache\nwlnknb.sys
[2001/08/18 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\drivers\nwlnknb.sys

< MD5 for: NWLNKSPX.SYS >
[2001/08/18 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) MD5=C0BB7D1615E1ACBDC99757F6CEAF8CF0 -- C:\WINDOWS\system32\dllcache\nwlnkspx.sys
[2001/08/18 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) MD5=C0BB7D1615E1ACBDC99757F6CEAF8CF0 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys

< MD5 for: PXHELP20.SYS >
[2002/04/18 03:02:00 | 000,016,288 | ---- | M] (VERITAS Software, Inc.) MD5=42D4C34300405D9F377E55F5DDADD720 -- C:\WINDOWS\system32\drivers\pxhelp20.sys

< MD5 for: RAWWAN.SYS >
[2001/08/18 06:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) MD5=01524CD237223B18ADBB48F70083F101 -- C:\WINDOWS\system32\dllcache\rawwan.sys
[2001/08/18 06:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) MD5=01524CD237223B18ADBB48F70083F101 -- C:\WINDOWS\system32\drivers\rawwan.sys

< MD5 for: RIO8DRV.SYS >
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=A56FE08EC7473E8580A390BB1081CDD7 -- C:\WINDOWS\system32\dllcache\rio8drv.sys
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=A56FE08EC7473E8580A390BB1081CDD7 -- C:\WINDOWS\system32\drivers\rio8drv.sys

< MD5 for: RIODRV.SYS >
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=0A854DF84C77A0BE205BFEAB2AE4F0EC -- C:\WINDOWS\system32\dllcache\riodrv.sys
[2001/08/18 06:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=0A854DF84C77A0BE205BFEAB2AE4F0EC -- C:\WINDOWS\system32\drivers\riodrv.sys

< MD5 for: ROOTMDM.SYS >
[2001/08/18 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=D8B0B4ADE32574B2D9C5CC34DC0DBBE7 -- C:\WINDOWS\system32\dllcache\rootmdm.sys
[2001/08/18 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=D8B0B4ADE32574B2D9C5CC34DC0DBBE7 -- C:\WINDOWS\system32\drivers\rootmdm.sys

< MD5 for: SMCIRDA.SYS >
[2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) MD5=707647A1AA0EDB6CBEF61B0C75C28ED3 -- C:\WINDOWS\system32\dllcache\smcirda.sys
[2001/08/17 06:10:28 | 000,035,913 | ---- | M] (SMC) MD5=707647A1AA0EDB6CBEF61B0C75C28ED3 -- C:\WINDOWS\system32\drivers\smcirda.sys

< MD5 for: SMCLIB.SYS >
[2001/08/18 06:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=017DAECF0ED3AA731313433601EC40FA -- C:\WINDOWS\system32\dllcache\smclib.sys
[2001/08/18 06:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=017DAECF0ED3AA731313433601EC40FA -- C:\WINDOWS\system32\drivers\smclib.sys

< MD5 for: TOSDVD.SYS >
[2001/08/18 06:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=699450901C5CCFD82357CBC531CEDD23 -- C:\WINDOWS\system32\dllcache\tosdvd.sys
[2001/08/18 06:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=699450901C5CCFD82357CBC531CEDD23 -- C:\WINDOWS\system32\drivers\tosdvd.sys

< MD5 for: TSBVCAP.SYS >
[2001/08/18 06:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) MD5=D74A8EC75305F1D3CFDE7C7FC1BD62A9 -- C:\WINDOWS\system32\dllcache\tsbvcap.sys
[2001/08/18 06:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) MD5=D74A8EC75305F1D3CFDE7C7FC1BD62A9 -- C:\WINDOWS\system32\drivers\tsbvcap.sys

< MD5 for: TVALD.SYS >
[2001/08/17 15:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) MD5=20B6BE2A69C7547A09F67C3E67A2BDD5 -- C:\WINDOWS\system32\drivers\TVALD.SYS

< MD5 for: TVALG.SYS >
[2001/09/13 20:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) MD5=80EBC386BD6F71E0B352C956492FD5BD -- C:\WINDOWS\system32\drivers\TVALG.SYS

< MD5 for: VDMINDVD.SYS >
[2001/08/18 06:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) MD5=55E01061C74A8CEFFF58DC36114A8D3F -- C:\WINDOWS\system32\dllcache\vdmindvd.sys
[2001/08/18 06:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) MD5=55E01061C74A8CEFFF58DC36114A8D3F -- C:\WINDOWS\system32\drivers\vdmindvd.sys

< MD5 for: WLLUC48.SYS >
[2002/08/29 05:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:wlluc48.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:wlluc48.sys
[2002/08/29 05:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:wlluc48.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:wlluc48.sys
[2001/12/19 17:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) MD5=4A5E07A46DBFEEC185E025FF3FBE5D54 -- C:\WINDOWS\Driver Cache\WLLUC48.SYS
[2001/08/17 06:12:22 | 000,148,992 | ---- | M] (Lucent Technologies) MD5=BF3D5164613EBAE8AA91041AAF427A41 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\wlluc48.sys
[2002/08/29 00:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) MD5=DCA17912A1926AE427537648FC0E74D5 -- C:\WINDOWS\ServicePackFiles\i386\wlluc48.sys
[2002/08/29 00:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) MD5=DCA17912A1926AE427537648FC0E74D5 -- C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\wlluc48.sys
[2002/08/29 00:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) MD5=DCA17912A1926AE427537648FC0E74D5 -- C:\WINDOWS\system32\dllcache\wlluc48.sys
[2002/08/29 00:59:26 | 000,154,624 | ---- | M] (Lucent Technologies) MD5=DCA17912A1926AE427537648FC0E74D5 -- C:\WINDOWS\system32\drivers\wlluc48.sys

< End of report >
===============================================

OTL Extras logfile created on: 2/20/2011 2:37:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\xp\Desktop
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 50.00% Memory free
866.00 Mb Paging File | 599.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 11.23 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: xp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}" = Network Device Switch 3
"{3663DDE0-D8AE-11D3-9850-00C04F7AC096}" = YAMAHA AC-XG WDM
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{88CA774F-569E-11D6-A7DD-B142DCF5151F}" = Print Perfect DVD
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0988297-F961-4df7-B800-15BECDF02620}" = HP Photo and Imaging 1.2 - Photosmart Cameras
"{D43BB532-3537-4CE9-9CBB-92533BD29F0C}" = HP Software Update
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{DEC34F29-4DB5-4A9E-9F8F-F382CEFD50B0}" = PS240
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"3D Home Architect Deluxe 3.0" = 3D Home Architect® Deluxe 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AT&T Connection Services Software" = AT&T Connection Services Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"JDSecure" = JD Secure 3.1
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® Network Connections Drivers
"Quicken 2001 New User Edition" = Quicken 2001 New User Edition
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.91
"Shockwave" = Shockwave
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"Toshiba Access" = Toshiba Access
"Toshiba Power Saver" = TOSHIBA Power Saver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba System Stability Program" = Toshiba System Stability Program
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"Toshiba WinXP Registration" = Toshiba WinXP Registration
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.04.00
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2011 12:27:05 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:34:17 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:37:36 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:38:30 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2011 2:53:43 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 10.0.12.29, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2011 5:55:41 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

Error - 2/6/2011 6:39:18 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

Error - 2/7/2011 11:14:56 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11719
Description = Product: The Print Shop 20 -- Error 1719.The Windows Installer Service
could not be accessed. This can occur if you are running Windows in safe mode,
or if the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 2/8/2011 12:41:29 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 10.0.12.29, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2011 9:32:39 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

[ Application Events ]
Error - 2/5/2011 12:27:05 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:34:17 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:37:36 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.3264, faulting
module urlmon.dll, version 6.0.2900.3264, fault address 0x0003b5ce.

Error - 2/5/2011 12:38:30 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.3264, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2011 2:53:43 PM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 10.0.12.29, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2011 5:55:41 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

Error - 2/6/2011 6:39:18 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

Error - 2/7/2011 11:14:56 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11719
Description = Product: The Print Shop 20 -- Error 1719.The Windows Installer Service
could not be accessed. This can occur if you are running Windows in safe mode,
or if the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 2/8/2011 12:41:29 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application avcenter.exe, version 10.0.12.29, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/10/2011 9:32:39 PM | Computer Name = TOSHIBA-USER | Source = MsiInstaller | ID = 11706
Description = Product: The Print Shop 20 -- Error 1706. Installation has been canceled.
You may run this installation at a later time.

[ System Events ]
Error - 2/20/2011 1:10:44 AM | Computer Name = TOSHIBA-USER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 2/20/2011 1:10:44 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 2/20/2011 12:15:26 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/20/2011 12:17:37 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/20/2011 12:17:37 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/20/2011 12:17:56 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/20/2011 12:27:44 PM | Computer Name = TOSHIBA-USER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2/20/2011 12:27:50 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/20/2011 12:30:08 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/20/2011 1:15:37 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

< End of report >

Back to top

#19 Broni Re: [RESOLVED] Windows Update problem

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 05:30 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 20 February 2011 - 09:25 PM

First of all, those files listed in RKUnhooker seem to check out, so we can disregard that.

=============================================================================================================================

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

====================================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=======================================================================================================

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Back to top

#20 Morgan Re: [RESOLVED] Windows Update problem

Member

14 posts
Joined: February 16, 2011
1 topics
Skin: IP.Board
Local time: 06:30 AM

Zodiac:Virgo
OS:Windows 7
Country:

Offline

:

Posted 21 February 2011 - 01:15 AM

OK, the pc is still running fine (sounds like a dot matrix printer, lol).I do appreciate your help on this Broni. Here are the logs..

All processes killed
========== OTL ==========
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.TOSHIBA-USER
->Temp folder emptied: 3321003 bytes
->Temporary Internet Files folder emptied: 70726 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: xp
->Temp folder emptied: 25584093 bytes
->Temporary Internet Files folder emptied: 49191292 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 997 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb

[EMPTYFLASH]

User: Administrator

User: Administrator.TOSHIBA-USER

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Owner

User: xp
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02202011_182612

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

===================================================

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 4
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````