Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

OS Frequently Crashes, Not Recognizing Driver Updates

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 27th, 2010, 5:09 pm

Hi briolette,

"I finally burned a proper CD"

Good.

"an appropriate update source cannot be found"

You will need a working Internet connection for the updates to complete. If you are connected via a router, can you connect the computer to the router using a cable? (Wireless may not work when using the boot CD.)
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 27th, 2010, 6:44 pm

deltalima, we do have a wireless setup here, and I must confess, I wouldn't have a clue as to how to go about hooking up to the router. If we can postpone this step until Monday morning, I will call our ISP and inquire.
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 27th, 2010, 7:13 pm

Hi briolette,

"I will call our ISP and inquire."

I doubt that the ISP would be willing to support a Linux-based boot CD.

The other alternative way of running a Kaspersky scan would be to use the Kaspersky Virus Removal Tool.

Please go to http://support.kaspersky.com/viruses/av ... 10?level=2 and follow the instructions.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 27th, 2010, 11:09 pm

Hi, deltalima...I've completed the latest Kaspersky scan that you provided. Assuming that it produces one, can you guide me to the log, please?
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 28th, 2010, 10:48 am

Hi briolette,

"Assuming that it produces one, can you guide me to the log, please?"

Please run another OTL scan and post OTL.txt; that should show us where the log has been saved.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 28th, 2010, 12:56 pm

Hello, deltalima. Kaspersky has a "Manual Disinfection" tab which generates a system information, log report for Technical Support. In a zip file under "LOG", there are two reports: an HTML, "Results of System Analysis" and another XTL that's rather garbled when I open it. The HTML document might be what you're looking for; however, I don't seem to be able to copy it. I just wanted to let you know this before I return with OTL results.
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 28th, 2010, 1:23 pm

OTL logfile created on: 3/28/2010 1:16:12 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\howfrank\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 354.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.37 Gb Total Space | 78.08 Gb Free Space | 74.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOWFRANK-PC
Current User Name: howfrank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\howfrank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\howfrank\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2010_00-48[1]\setup_9.0.0.722_28.03.2010_00-48[1].exe (Kaspersky Lab)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
PRC - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe (Sprint Spectrum, L.L.C)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)


========== Modules (SafeList) ==========

MOD - C:\Users\howfrank\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (V) -- File not found
SRV - (PORGN) -- File not found
SRV - (LIUMDRYPAP) -- File not found
SRV - (HMEMLRYSF) -- File not found
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dldoCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe ()
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (Pantech Utility Service) -- C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe (Sprint Spectrum, L.L.C)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/index.php?lh=ad ... f9020becd&
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\howfrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.03.2010_00-48[1].lnk = C:\Users\howfrank\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2010_00-48[1]\startup.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/27 20:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/03/27 20:02:56 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\0305235.sys
[2010/03/27 20:02:56 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\03052351.sys
[2010/03/27 20:02:56 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\03052352.sys
[2010/03/27 20:02:55 | 000,000,000 | ---D | C] -- C:\Users\howfrank\Desktop\Virus Removal Tool
[2010/03/25 10:55:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/25 10:45:59 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/03/25 10:45:08 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\howfrank\Desktop\Rooter.exe
[2010/03/24 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\howfrank\Desktop\RootkitRevealer
[2010/03/24 17:48:16 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\howfrank\Desktop\OTL.exe
[2010/01/06 14:18:00 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2010/01/06 14:18:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2010/01/06 14:18:00 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2010/01/06 14:18:00 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2010/01/06 14:18:00 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2010/01/06 14:18:00 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2010/01/06 14:18:00 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2010/01/06 14:18:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2010/01/06 14:17:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2010/01/06 14:17:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2010/01/06 14:17:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/28 13:16:16 | 001,572,864 | -HS- | M] () -- C:\Users\howfrank\ntuser.dat
[2010/03/28 12:33:41 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utm5odix.sys
[2010/03/28 12:30:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 12:30:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 12:30:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 12:30:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/28 12:29:00 | 000,524,288 | -HS- | M] () -- C:\Users\howfrank\ntuser.dat{77c4447f-6621-11dd-9558-a12f6f622c63}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 12:29:00 | 000,065,536 | -HS- | M] () -- C:\Users\howfrank\ntuser.dat{77c4447f-6621-11dd-9558-a12f6f622c63}.TM.blf
[2010/03/28 12:28:51 | 003,074,276 | -H-- | M] () -- C:\Users\howfrank\AppData\Local\IconCache.db
[2010/03/28 12:11:12 | 000,000,216 | ---- | M] () -- C:\Users\howfrank\Desktop\MalWare Removal • View topic - OS Frequently Crashes, Not Recognizing Driver Updates.url
[2010/03/27 20:04:48 | 000,002,230 | ---- | M] () -- C:\Users\howfrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.03.2010_00-48[1].lnk
[2010/03/27 09:51:26 | 120,985,600 | ---- | M] () -- C:\Users\howfrank\Desktop\kav_rescue_2008.iso
[2010/03/26 15:33:06 | 000,014,848 | ---- | M] () -- C:\Users\howfrank\Desktop\2010 Salvation Army Donations.wps
[2010/03/26 15:33:06 | 000,000,434 | ---- | M] () -- C:\Users\howfrank\AppData\Roaming\wklnhst.dat
[2010/03/25 10:45:12 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\howfrank\Desktop\Rooter.exe
[2010/03/24 20:24:40 | 000,231,390 | ---- | M] () -- C:\Users\howfrank\Desktop\RootkitRevealer.zip
[2010/03/24 18:07:42 | 000,293,376 | ---- | M] () -- C:\Users\howfrank\Desktop\ykfp8n8t.exe
[2010/03/24 17:48:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\howfrank\Desktop\OTL.exe
[2010/03/22 09:02:00 | 000,000,206 | ---- | M] () -- C:\Users\howfrank\Desktop\Kennedy Krieger Institute Nursing Department.url
[2010/03/18 18:10:04 | 000,769,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/18 18:10:04 | 000,653,380 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/18 18:10:04 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/16 09:47:43 | 000,001,845 | ---- | M] () -- C:\Users\howfrank\Desktop\HijackThis.lnk
[2010/03/15 05:05:05 | 000,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2010/03/15 05:04:26 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/27 23:13:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm5odix.sys
[2010/03/27 20:04:48 | 000,002,230 | ---- | C] () -- C:\Users\howfrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.03.2010_00-48[1].lnk
[2010/03/27 09:51:19 | 120,985,600 | ---- | C] () -- C:\Users\howfrank\Desktop\kav_rescue_2008.iso
[2010/03/24 20:24:37 | 000,231,390 | ---- | C] () -- C:\Users\howfrank\Desktop\RootkitRevealer.zip
[2010/03/24 18:18:07 | 000,000,216 | ---- | C] () -- C:\Users\howfrank\Desktop\MalWare Removal • View topic - OS Frequently Crashes, Not Recognizing Driver Updates.url
[2010/03/24 18:07:35 | 000,293,376 | ---- | C] () -- C:\Users\howfrank\Desktop\ykfp8n8t.exe
[2010/03/22 13:26:12 | 000,014,848 | ---- | C] () -- C:\Users\howfrank\Desktop\2010 Salvation Army Donations.wps
[2010/03/16 09:47:43 | 000,001,845 | ---- | C] () -- C:\Users\howfrank\Desktop\HijackThis.lnk
[2010/03/15 05:04:22 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/01/06 14:25:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2010/01/06 14:25:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2010/01/06 14:25:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2010/01/06 14:25:33 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2010/01/06 14:18:00 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2010/01/06 14:18:00 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2010/01/06 14:18:00 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2010/01/06 14:18:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2010/01/06 14:17:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2010/01/06 14:17:59 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2010/01/06 14:17:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2010/01/06 14:17:59 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2010/01/06 14:17:59 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2010/01/06 14:17:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2010/01/06 14:17:58 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2009/09/26 09:21:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/13 18:05:39 | 000,000,434 | ---- | C] () -- C:\Users\howfrank\AppData\Roaming\wklnhst.dat
[2008/06/18 13:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/02/16 21:23:41 | 000,000,262 | ---- | C] () -- C:\Users\howfrank\AppData\Roaming\WinssCookie.txt
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/09/06 17:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 15:51:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/08/03 14:08:52 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2007/07/09 18:57:17 | 000,024,576 | ---- | C] () -- C:\Users\howfrank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 17:45:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2007/01/05 19:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/01/05 19:16:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af65-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000002.regtrans-ms
[2007/01/05 19:16:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af65-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms
[2007/01/05 19:16:26 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af65-9d0b-11db-8678-0016d42a45f8}.TM.blf
[2007/01/05 19:16:25 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af55-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000002.regtrans-ms
[2007/01/05 19:16:25 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af55-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms
[2007/01/05 19:16:25 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/01/05 19:16:25 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0dd9af55-9d0b-11db-8678-0016d42a45f8}.TM.blf
[2007/01/05 19:16:25 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/01/05 19:16:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/01/05 18:59:02 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/01/05 18:59:02 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/01/05 18:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/01/05 18:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/01/05 18:59:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/01/05 18:59:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/01/05 18:35:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/01/05 18:35:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/01/05 18:35:11 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/01/05 18:35:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/29 01:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 11:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 21:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 19:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/08/01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 18:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/06 15:10:55 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\968 Series
[2007/07/14 11:25:15 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\InterVideo
[2009/03/13 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\Template
[2010/03/20 09:48:15 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\Toshiba
[2007/07/20 11:41:24 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\Ulead Systems
[2007/07/17 12:39:18 | 000,000,000 | ---D | M] -- C:\Users\howfrank\AppData\Roaming\WildTangent
[2010/03/28 12:29:11 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 28th, 2010, 4:05 pm

Hi briolette,

"The HTML document might be what you're looking for, however, I don't seem to be able to copy it"

Does the report show any infected files have been detected?
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 28th, 2010, 4:35 pm

Hi, deltalima...can you copy this link into your browser and see if the System Info page comes up, please?

C:\Users\howfrank\AppData\Local\Temp\Temp1_avptool_sysinfo.zip\avz_sysinfo.htm
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 28th, 2010, 4:43 pm

Hi briolette,

"C:\Users\howfrank\AppData\Local\Temp\Temp1_avptool_sysinfo.zip\avz_sysinfo.htm"

That's the path to a file on your computer and so not visible to me. Please give a brief summary of the scan results.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 28th, 2010, 5:23 pm

The "detailed report" from scan simply states:

Autoscan completed 18 hrs ago (events; 2, objects: 390572, time: 02:29:51)

This is listed under "Suspicious Objects" on the System Analysis Report:

Main script of analysis
Windows version: Windows Vista (TM) Home Premium, Build=6002, SP="Service Pack 2"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 00CD0010<>76071C28
IAT modification detected: GetModuleFileNameA - 00CD0080<>760BB6BD
IAT modification detected: GetModuleFileNameW - 00CD00F0<>760BB27E
IAT modification detected: CreateProcessW - 00CD0160<>76071BF3
IAT modification detected: LoadLibraryW - 00CD0240<>76099362
IAT modification detected: LoadLibraryA - 00CD0320<>760994DC
IAT modification detected: GetProcAddress - 00CD0390<>760B903B
IAT modification detected: FreeLibrary - 00CD0400<>760B3DB4
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=12C8C0)
Kernel ntoskrnl.exe found in memory at address 8244A000
SDT = 825768C0
KiST = 824B78D0 (391)
Function NtCreateThread (4E) intercepted (826D26B8->A61B947C), hook not defined
Function NtOpenProcess (C2) intercepted (8261254A->A61B9468), hook not defined
Function NtOpenThread (C9) intercepted (82667247->A61B946D), hook not defined
Function NtTerminateProcess (14E) intercepted (82662F7F->A61B9477), hook not defined
Functions checked: 391, intercepted: 4, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
System Analysis in progress
System Analysis - complete
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by deltalima » March 29th, 2010, 9:15 am

Hi briolette,

All the investigations we have done have failed to detect any form of malware on the computer. It is likely that the problems are caused by some form of registry corruption.

Please click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs and remove the Kaspersky tool.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

If faced with a computer showing the symptoms you are experiencing, I would personally choose to reformat the hard disk and reinstall Windows.

If this is not an option, then I would suggest one of the following sites that deal with more general computer issues:

Tech support guy

and

What the tech

deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by briolette » March 29th, 2010, 10:27 am

Hello, deltalima. Thank you, ever so much, for all of your help...and patience. I hope that my last entry was of some value - I was skeptical being totally unfamiliar with that particular tool. In addition, I sincerely appreciate your final recommendation for getting help with my registry repair. I hope that something can be done to accomplish this.

Again, thank you, deltalima.
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: OS Frequently Crashes, Not Recognizing Driver Updates

Post by Gary R » March 29th, 2010, 4:43 pm

As your problems do not appear to be Malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire