Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unable to access Windows Update

Post by mgpatton4 » August 7th, 2010, 1:18 am

Problem description: I am unable to access Windows Update, and also I can't update Trend Micro Internet Security. In the case of the former I receive error number 80072EFE; Trend Micro simply errors out saying that it can't connect. I get occasional browser redirects (IE8 and Firefox 3.6) and 404 errors to valid domains.

HJT 2.0.4 log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:46 PM, on 8/6/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7EBD47-9ED6-43AF-8B09-598C4A1B3F6F}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apricorn Scheduler Service (AcrSch2Svc) - Apricorn - C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Fix-It Task Manager - Avanquest Software - C:\PROGRA~1\AVANQU~2\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14640 bytes

Uninstall list log:

Actiontec Gateway
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader 8.2.3
Advertising Center
AI RoboForm (All Users)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Apricorn EZ Gig II
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Avanquest update
Belkin F5D8073 N Wireless ExpressCard Adapter
Bonjour
Brother MFL-Pro Suite MFC-490CW
Canon iP6600D
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
D-Link D-ViewCam
DolbyFiles
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
Eraser 5.8.7
Fix-It Utilities 10 Professional
FretlightStudio.exe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HDHomeRun
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 21
KhalInstallWrapper
Logitech Harmony Remote Software 7
Logitech SetPoint
Logitech Vid
Mahjongg Master 5
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Movie Templates - Starter Kit
Mozilla Firefox (3.6.8)
MSN
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NDAS Software 3.72.2080
Nero 9
Nero 9 Trial
Nero BackItUp 4
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
OGA Notifier 2.0.0048.0
PaperPort Image Printer
PFPortChecker 1.0.28
Picasa 3
PS-Utility
QNAP Finder
QuickConnect
Quicken 2009
QuickTime
Qwest QuickAssist Desktop Tools
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.0
Remote Control USB Driver
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Setup Wizard SE
SlingPlayer
SlingPlayer
Sony Ericsson PC Suite 4.010.00
SoundTrax
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Trend Micro Internet Security
Trend Micro Internet Security
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx Support Manager for Internet Explorer
WebSlingPlayer ActiveX
WIDCOMM Bluetooth Software 6.1.0.4400
Windows Live ID Sign-in Assistant
Yahoo! Messenger
Yahoo! Software Update

Any help you can provide would be greatly appreciated!
mgpatton4
Active Member
Posts: 10
Joined: August 7th, 2010, 1:10 am

Re: Unable to access Windows Update

Post by askey127 » August 9th, 2010, 8:27 am

Hi mgpatton4,
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (right click and choose "Run as administrator")
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7EBD47-9ED6-43AF-8B09-598C4A1B3F6F}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208


Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HijackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Adobe Reader 8.2.3
Advertising Center

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
Go HERE and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it (right click it and "Run as administrator") to install the latest version of Adobe Reader.
----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
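As an added illustration of why the fix list in the reply above covers CCS, CS1 and CS2 rather than just the current control set: the Python script below (added here; it is not HijackThis code and not a MalwareRemoval.com tool) parses the O17 NameServer lines of a HijackThis log, flags any resolver that lies outside an allowlist, and tallies the control sets each flagged server is written to. The allowlist, the benign adapter GUID and the Domain line are constructed for the example; the eight flagged lines are the ones posted in the thread.

```python
# Added example: analyzer for the O17 (TCP/IP NameServer) lines of a HijackThis
# log. Not HijackThis code and not the forum's own tool. PRIVATE_NETS and the
# sample log are constructed; the eight 93.188.x.x lines mirror the thread above.
import ipaddress
import re
from collections import defaultdict

# HijackThis writes O17 lines in two shapes (control set is CCS, CS1, CS2, ...):
#   O17 - HKLM\System\<CS>\Services\Tcpip\..\{<adapter GUID>}: NameServer = ip[,ip]
#   O17 - HKLM\System\<CS>\Services\Tcpip\Parameters: NameServer = ip[,ip]
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}|(?P<params>Parameters))"
    r":\s*(?P<name>NameServer|Domain|SearchList)\s*=\s*(?P<value>.*)$"
)

# Constructed allowlist: only RFC 1918 resolvers (a home router) are expected.
# A real list would also carry the ISP or public resolvers the owner chose.
PRIVATE_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed log excerpt: the thread's O17 lines plus one benign adapter
# (made-up GUID) and one Domain line (made-up domain) that must be ignored.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7EBD47-9ED6-43AF-8B09-598C4A1B3F6F}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CS2\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A1B2C3D-0000-4000-8000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home.example
"""


def parse_o17(log_text):
    """Return [(control_set, scope, [ip, ...])] for every O17 NameServer line.
    scope is the adapter GUID or 'Parameters' (the global TCP/IP setting)."""
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m or m.group("name") != "NameServer":
            continue  # Domain/SearchList lines carry no resolver addresses
        ips = []
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            try:
                ips.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # empty or malformed token: skip rather than crash
        entries.append((m.group("cs"), m.group("guid") or "Parameters", ips))
    return entries


def flag_rogue_dns(log_text, allowed_networks=PRIVATE_NETS):
    """List every resolver address that falls outside allowed_networks."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for cs, scope, ips in parse_o17(log_text):
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in allowed):
                findings.append({"control_set": cs, "scope": scope, "server": ip})
    return findings


def summarize(findings):
    """Map each flagged server to the sorted list of control sets it is set in.
    A server present in CCS and also in CS1 and CS2 is not shed by booting
    'Last Known Good Configuration', so cleanup must touch every control set."""
    by_server = defaultdict(set)
    for f in findings:
        by_server[f["server"]].add(f["control_set"])
    return {server: sorted(sets) for server, sets in by_server.items()}


if __name__ == "__main__":
    hits = flag_rogue_dns(SAMPLE_LOG)
    for server, sets in summarize(hits).items():
        count = sum(1 for h in hits if h["server"] == server)
        print(f"{server}: set in {', '.join(sets)} ({count} entries)")
```

Run against the constructed excerpt it reports both 93.188.x.x resolvers as present in CCS, CS1 and CS2 (eight entries each) and says nothing about the 192.168.1.1 adapter. The same parser can be pointed at the full log text pasted in a post; only NameServer values are checked, so hosts-file and proxy settings (O1, R1) are out of its scope.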

Re: Unable to access Windows Update

Post by mgpatton4 » August 9th, 2010, 9:54 pm

I did as you instructed; however, there was no program called Advertising Center in Control Panel.

Here is the log.txt file:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mike at 2010-08-09 19:32:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 205 GB (69%) free of 298 GB
Total RAM: 2813 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:33:19 PM, on 8/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mike\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike\Desktop\Mike.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apricorn Scheduler Service (AcrSch2Svc) - Apricorn - C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Fix-It Task Manager - Avanquest Software - C:\PROGRA~1\AVANQU~2\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13813 bytes

======Scheduled tasks folder======

C:\Windows\tasks\e5877002.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000UA.job
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-06-26 6042176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-07-17 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-03 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-06-26 6042176]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"cfFncEnabler.exe"=cfFncEnabler.exe []
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-07-19 1020248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-29 1085440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-13 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-15 448080]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-03-19 716800]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-02-06 431456]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2009-06-10 334224]
"Logitech Vid"=C:\Program Files\Logitech\Logitech Vid\Vid.exe [2010-05-11 6061400]
"Google Update"=C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-06-26 160328]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-29 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-09 19:32:59 ----D---- C:\rsit
2010-08-09 18:52:15 ----SHD---- C:\Config.Msi
2010-08-06 21:06:20 ----D---- C:\Windows\system32\catroot2
2010-08-06 21:00:05 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_21.00.05_log.txt
2010-08-06 20:47:23 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_20.47.23_log.txt
2010-08-06 20:34:31 ----A---- C:\TDSSKiller.2.4.1.0_06.08.2010_20.34.31_log.txt
2010-08-04 07:20:04 ----D---- C:\ProgramData\Silicondust
2010-08-04 07:16:02 ----D---- C:\Users\Mike\AppData\Roaming\Silicondust
2010-08-04 07:15:47 ----D---- C:\Program Files\Silicondust
2010-07-30 17:57:20 ----D---- C:\Program Files\iPod
2010-07-30 17:57:15 ----D---- C:\Program Files\iTunes
2010-07-26 20:27:36 ----A---- C:\Windows\system32\javaws.exe
2010-07-26 20:27:36 ----A---- C:\Windows\system32\javaw.exe
2010-07-26 20:27:36 ----A---- C:\Windows\system32\java.exe
2010-07-23 17:18:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-23 17:17:17 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-07-23 17:12:02 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-21 18:33:01 ----D---- C:\Program Data
2010-07-19 19:14:46 ----D---- C:\ProgramData\Trend Micro
2010-07-19 19:14:32 ----D---- C:\Program Files\Trend Micro
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\VsapiNT.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmxpflt.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmwfp.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmtdi.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmpreflt.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmlwf.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmevtmgr.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmcomm.sys
2010-07-19 19:09:59 ----A---- C:\Windows\system32\drivers\tmactmon.sys
2010-07-16 18:38:29 ----HD---- C:\Windows\PIF
2010-07-16 18:16:12 ----A---- C:\Windows\system32\drivers\Tmfilter.sys
2010-07-10 15:57:10 ----D---- C:\Windows\Sun
2010-07-10 10:26:04 ----D---- C:\Users\Mike\AppData\Roaming\GARMIN

======List of files/folders modified in the last 1 months======

2010-08-09 19:33:02 ----D---- C:\Windows\Prefetch
2010-08-09 19:25:53 ----D---- C:\Windows\Temp
2010-08-09 19:08:00 ----D---- C:\Windows
2010-08-09 19:00:56 ----SHD---- C:\Windows\Installer
2010-08-09 19:00:55 ----D---- C:\ProgramData\Adobe
2010-08-09 19:00:33 ----D---- C:\Program Files\Common Files\Adobe
2010-08-09 19:00:22 ----D---- C:\Program Files\Adobe
2010-08-09 19:00:08 ----D---- C:\Windows\System32
2010-08-09 18:53:20 ----D---- C:\Windows\winsxs
2010-08-08 21:47:59 ----HD---- C:\_Backup
2010-08-07 14:10:09 ----D---- C:\Windows\system32\Service
2010-08-07 14:10:08 ----D---- C:\Windows\system32\drivers
2010-08-06 22:42:40 ----SD---- C:\Windows\Downloaded Program Files
2010-08-06 22:42:40 ----D---- C:\ProgramData\webex
2010-08-06 22:21:53 ----D---- C:\Program Files\Google
2010-08-06 21:01:35 ----D---- C:\Windows\system32\drivers\etc
2010-08-04 07:20:04 ----HD---- C:\ProgramData
2010-08-04 07:15:47 ----RD---- C:\Program Files
2010-08-04 07:15:47 ----D---- C:\Windows\inf
2010-07-31 21:04:27 ----D---- C:\Windows\Minidump
2010-07-31 18:59:05 ----SHD---- C:\$RECYCLE.BIN
2010-07-31 18:41:38 ----A---- C:\Windows\system32\ernel32.dll
2010-07-30 17:57:18 ----D---- C:\Program Files\Common Files\Apple
2010-07-30 17:43:40 ----D---- C:\Program Files\The Rosetta Stone
2010-07-30 17:43:10 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-30 17:42:46 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2010-07-29 20:44:56 ----D---- C:\Program Files\Java
2010-07-29 20:44:56 ----D---- C:\Program Files\Common Files\Java
2010-07-29 20:30:43 ----D---- C:\Program Files\Common Files\Logishrd
2010-07-29 20:30:20 ----D---- C:\Windows\system32\catroot
2010-07-29 20:27:12 ----D---- C:\Program Files\Logitech
2010-07-29 20:26:25 ----D---- C:\Program Files\Common Files\LWS
2010-07-29 20:12:43 ----D---- C:\Windows\system32\logishrd
2010-07-29 20:00:41 ----D---- C:\Program Files\imeem
2010-07-29 19:56:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-29 19:53:18 ----SD---- C:\Users\Mike\AppData\Roaming\Microsoft
2010-07-26 20:22:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-24 09:07:59 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 17:18:19 ----D---- C:\Program Files\Common Files
2010-07-23 17:17:13 ----D---- C:\Users\Mike\AppData\Roaming\Adobe
2010-07-23 17:11:39 ----RSD---- C:\Windows\Fonts
2010-07-22 18:02:40 ----D---- C:\Program Files\Yahoo!
2010-07-21 18:37:43 ----D---- C:\Users\Mike\AppData\Roaming\Yahoo!
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-14 19:19:03 ----D---- C:\Windows\system32\WDI
2010-07-12 18:10:53 ----D---- C:\Windows\system32\Tasks
2010-07-12 18:10:50 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 lfsfilt;NDAS Lean File Sharing Service; C:\Windows\system32\DRIVERS\lfsfilt.sys [2010-01-13 556008]
R0 lpx;LPX Protocol; C:\Windows\system32\DRIVERS\lpx6x.sys [2010-01-13 120296]
R0 ndasfs;ndasfs; C:\Windows\system32\DRIVERS\ndasfs.sys [2010-01-13 562152]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2009-04-11 120688]
R0 timounter;Apricorn EZ Gig II Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-04-11 400560]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-04-10 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R1 ndasfat;NDAS FAT File System Service; C:\Windows\system32\DRIVERS\ndasfat.sys [2010-01-13 461288]
R1 ndasrofs;NDAS ROFS File System Service; C:\Windows\system32\DRIVERS\ndasrofs.sys [2010-01-13 791528]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2010-07-19 146448]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-07-19 89872]
R2 tifsfilter;Apricorn EZ Gig II FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-04-11 39376]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-07-19 158224]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2010-07-19 283152]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-23 3551232]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-01-28 81960]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-01-28 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-28 29736]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-01-28 17448]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 ndasbus;NDAS Bus Driver; C:\Windows\system32\DRIVERS\ndasbus.sys [2010-01-13 385512]
R3 ndasscsi;NDAS SCSI Miniport Driver; C:\Windows\system32\DRIVERS\ndasscsi.sys [2010-01-13 377320]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-06 140800]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-14 24200]
R3 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-07-19 59920]
R3 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 50704]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys []
S3 LVUVC;QuickCam Pro for Notebooks(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SVRPEDRV;SVRPEDRV; \??\C:\Windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
S3 WSIMD;wsimd Service; C:\Windows\system32\DRIVERS\wsimd.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Apricorn Scheduler Service; C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe [2007-10-09 410856]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-03-06 20376]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-23 671744]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-02-08 518696]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 Fix-It Task Manager;Fix-It Task Manager; C:\PROGRA~1\AVANQU~2\Fix-It\mxtask.exe [2010-02-05 529688]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2010-01-13 247784]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-07-19 715368]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
R2 sprtlisten;SupportSoft Listener Service; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-10-23 66928]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-04-11 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2010-07-19 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-07-19 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-07-19 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 182768]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-23 867080]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-01-08 394608]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-01-29 165416]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
S4 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]

-----------------EOF-----------------

Here are the contents of info.txt:

info.txt logfile of random's system information tool 1.08 2010-08-09 19:33:35

======Uninstall list======

-->"C:\Program Files\TOSHIBA Games\Battlestar Galactica\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Virtual Villagers - A New Home\Uninstall.exe"
-->MsiExec.exe /X{4B45B12B-CD31-4235-9D44-03A368510635}
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {395A57A6-E0E1-C599-3A28-19A96682B4C6}
Adobe Photoshop.com Inspiration Browser-->MsiExec.exe /I{395A57A6-E0E1-C599-3A28-19A96682B4C6}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Apricorn EZ Gig II-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0009 -removeonly
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
Belkin F5D8073 N Wireless ExpressCard Adapter-->C:\Program Files\InstallShield Installation Information\{6CA19AED-BDAE-4874-A9A3-BE1D03EC40A9}\setup.exe -runfromtemp -l0x0409
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9_C2 -removeonly
Canon iP6600D-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6600D\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6600D /L0x0009
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Citrix Presentation Server Client-->MsiExec.exe /I{E89956F9-5B89-470E-818D-BD46102D0A01}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link D-ViewCam-->C:\Program Files\InstallShield Installation Information\{1D3F45AA-5F50-46BB-AFFD-6012508625E0}\setup.exe -runfromtemp -l0x0409
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x9 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Eraser 5.8.7-->"C:\Program Files\Eraser\unins000.exe"
Fix-It Utilities 10 Professional-->MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
FretlightStudio.exe-->"C:\Program Files\Fretlight Studio 4.0\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDHomeRun-->MsiExec.exe /X{5919420E-B18A-4DE2-8501-EA0F8E4B4955}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Mahjongg Master 5-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NDAS Software 3.72.2080-->MsiExec.exe /I{EBA04232-8CDA-4900-A36E-9E5CC4AF3254}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-02A7-L6Z2-HM45-01UL-11EK-UL45-4U10"
Nero BackItUp 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M11-0297-KK74-0KE0-APUP-7W8X-4M5X-29CU"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PS-Utility-->C:\Windows\uninst.exe -f"C:\Program Files\TRENDnet\PS Utility\DeIsL1.isu"
QNAP Finder-->"C:\Program Files\QNAP\Finder\uninstall.exe"
QuickConnect-->C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Qwest QuickAssist Desktop Tools-->MsiExec.exe /I{A63E18AC-B504-4045-AFE6-A279BBABB988}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Setup Wizard SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{405D8563-BDD7-487C-9498-942518B366BE}\Setup.exe" -l0x9
SlingPlayer-->"C:\Program Files\InstallShield Installation Information\{3D08333C-C366-425D-8C2D-D05630D68A46}\setup.exe" -runfromtemp -l0x0409 -removeonly
SlingPlayer-->MsiExec.exe /X{3D08333C-C366-425D-8C2D-D05630D68A46}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B}
TOSHIBA Games-->"C:\Program Files\TOSHIBA Games\Uninstall.exe"
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x9
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WebSlingPlayer ActiveX-->"C:\ProgramData\Sling Media\WebSlingPlayer\{C733B09B-518A-404E-B44E-59A09FF75955}\WBSPIESetup.exe" -u Uninstall.ini -d SlingPlayerAX.dll
WIDCOMM Bluetooth Software 6.1.0.4400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

=====HijackThis Backups=====

O17 - HKLM\System\CCS\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7EBD47-9ED6-43AF-8B09-598C4A1B3F6F}: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F31E43-512B-499E-AAA1-E7828F7C5D43}: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CS2\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E81A8C-A5C4-477B-9638-62576BC54531}: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208 [2010-08-09]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Laptop
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 169305
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100326032341.640422-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Laptop
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 169141
Source Name: volmgr
Time Written: 20100326000446.428959-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 169137
Source Name: volmgr
Time Written: 20100326000434.073680-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 2
Message: Bluetooth HID device (00:07:61:96:80:4c) either went out of range or became unresponsive.
Record Number: 169129
Source Name: HidBth
Time Written: 20100325132536.282300-000
Event Type: Warning
User:

Computer Name: Laptop
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 169098
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100325130923.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Laptop
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b467e337-49bb-4211-899a-cdbb759f3ee5}
Record Number: 5455
Source Name: VSS
Time Written: 20090411224624.000000-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b467e337-49bb-4211-899a-cdbb759f3ee5}
Record Number: 5448
Source Name: VSS
Time Written: 20090411223125.000000-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 5441
Source Name: Microsoft-Windows-WMI
Time Written: 20090411222504.000000-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18702 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 14e4 Start Time: 01c9bab622e1bfd2 Termination Time: 21
Record Number: 5419
Source Name: Application Hang
Time Written: 20090411172634.000000-000
Event Type: Error
User:

Computer Name: Laptop
Event Code: 1002
Message: The program SlingPlayer.exe version 2.0.2.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 123c Start Time: 01c9babba84998f2 Termination Time: 79
Record Number: 5417
Source Name: Application Hang
Time Written: 20090411172543.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Laptop
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 55907
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090831125528.318165-000
Event Type: Audit Success
User:

Computer Name: Laptop
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 55906
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090831125528.318165-000
Event Type: Audit Success
User:

Computer Name: Laptop
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 55905
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090831125528.021763-000
Event Type: Audit Success
User:

Computer Name: Laptop
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 55904
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090831125528.021763-000
Event Type: Audit Success
User:

Computer Name: Laptop
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 55903
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090831125528.021763-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am

Re: Unable to access Windows Update

Unread postby askey127 » August 10th, 2010, 6:41 am

mgpatton4,
I see you have run TDSSKiller in the past.
It's a good idea to let the helper know about the prior use of specialized tools.
-----------------------------------------------------------
Run a File Search
Press Start-> All programs > accessories > Run
Copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "advertising" >> "%userprofile%\desktop\look.txt"

A blank command window will open on your desktop, then close in a minute or two. This is normal.
A file called look.txt should appear on your Desktop. Please post the contents of this file.
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two, Three or Four
  • Double click on Rkill.
  • A command window will open, then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue. If you cannot get one of the downloads to work for you, try one of the other links.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents. The logs are listed and named by time/date stamp.

So we are looking for the log from Malwarebytes' Anti-Malware, and the contents of look.txt on your desktop.
Tell me about your ability to update Trend Micro and Windows updates, and any redirects you see.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 10th, 2010, 9:12 pm

Hi askey127,

Sorry for not telling you previously about TDSSKiller earlier; before I contacted you I did some research on the error message generated by Windows Update and saw that some people had success with this tool. It didn't work for me.

The file look.txt is empty. I ran the command line instruction twice to verify.

I ran Rkill and a log was generated. You didn't ask for this, but in case this may provide some clues I've copied the log here:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Mike on 08/10/2010 at 18:33:10.


Processes terminated by Rkill or while it was running:


C:\Users\Mike\AppData\Roaming\czqvcv.exe
C:\Users\Mike\Desktop\rkill.scr


Rkill completed on 08/10/2010 at 18:33:29.

Here is the MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4417

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/10/2010 6:55:16 PM
mbam-log-2010-08-10 (18-55-16).txt

Scan type: Quick scan
Objects scanned: 148272
Time elapsed: 14 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b0f31e43-512b-499e-aaa1-e7828f7c5d43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.228,93.188.166.208 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-2648317281-1878308405-4135220662-1000\$RRKPF3U.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\System32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

One additional thing, and this has happened before. I should have remembered to tell you about this earlier -- I've been getting a window pop-up with the following information during the time my computer has had this malware problem (this is the verbatim text from the window):

C:\Users\Mike\AppData\Local\Temp\WINSER~1.EXE
The NTVDM CPU has encountered an illegal instruction.
CS:1202 IP:0165 OP:8e bd e2 cb 06 Choose 'Close' to terminate the application.

This is accompanied by a DOS command window, which is empty and closes when I close the error message box. This happened tonight as I was performing the malware removal steps above, but in the past when it has appeared it doesn't appear to be related to anything I'm running or doing.

Finally, I am able to run Windows Update now as well as the Trend Micro updates. I have not noticed any redirects since performing the malware removal steps from yesterday. Thanks for your help!
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am

Re: Unable to access Windows Update

Unread postby askey127 » August 11th, 2010, 6:49 am

mgpatton4
-------------------------------------------
We need to clear old System Restore Points that may have infections saved in them.

Reset System Restore Points
Click Start, Right Click on Computer, and select Properties.
In the left pane, click System Protection.
UNcheck the box labeled Local Disk C:
When asked if you are sure you want to turn off System restore, click Turn System Restore Off
Click Apply and OK.
-------------------------------
Now Reboot Your Machine
-------------------------------
Click Start, Right Click on Computer, and select Properties.
In the left pane, click System Protection.
Check the box labeled Local Disk C:
Click Apply and OK.
-----------------------------------------------------
As an extra precaution, we can look for any other items that may be left over.
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 13th, 2010, 3:28 pm

Hi askey127,

Sorry for the delay. When I first ran the scan, my computer crashed during the night and I had to run it again. It takes many hours for the scan to complete.

Here is the log from the scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 13, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 13, 2010 07:25:30
Records in database: 4132204
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
N:\
O:\

Scan statistics:
Objects scanned: 203164
Threats found: 5
Infected objects found: 31
Suspicious objects found: 0
Scan duration: 05:55:49


File name / Threat / Threats count
C:\$RECYCLE.BIN\S-1-5-21-2648317281-1878308405-4135220662-1000\$RN7UUQA.exe Infected: Trojan.Win32.Buzus.epmh 1
C:\Users\Administrator\AppData\Roaming\9d024476.exe Infected: Backdoor.Win32.TDSS.uo 1
C:\Users\Administrator\AppData\Roaming\czqvcv.exe Infected: Trojan.Win32.Buzus.epmh 1
C:\Users\Mike\AppData\Roaming\czqvcv.exe Infected: Trojan.Win32.Buzus.epmh 1
C:\Windows\System32\spool\prtprocs\w32x86\17aAA7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\17qG1i.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\1g93a7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\31m9gMY9.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\3e7aAA7k.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\3mY9c179.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\555sK.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\7931eI3.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\79qGMYW.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\7oC1sK3.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\9u1mY31o9.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\IQG7i31q9.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\k17g3i7q.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\K317w3u79.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\M5555.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\MYWSKU1m9.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\oC179yWSK.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\oCE793eIQ.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\qG317k3.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\S793u7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\S93sK9y.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\uOCEI7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\w17yW17y.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\wS5e5.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\yW55y.dll Infected: Backdoor.Win32.TDSS.xb 1
N:\Downloads\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
N:\Downloads\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

Selected area has been scanned.
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am
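
As an added example (not part of this thread, and not code from Malwarebytes, Kaspersky, ComboFix or Rkill), here is a small Python triage script that parses result lines in the two formats posted above and pulls out the three things a responder would want to see from them: the DhcpNameServer data rewritten by the DNSChanger, the cluster of random-named DLLs under spool\prtprocs\w32x86 (TDSS behaviour), and a system file name one character off from a real one (ernel32.dll vs kernel32.dll). The sample lines are constructed from the logs above; the regexes and the list of known Windows file names are my assumptions.

```python
"""Triage the scanner result lines posted in this thread.

Added example, not part of the forum thread and not code from Malwarebytes,
Kaspersky, ComboFix or Rkill. Line formats come from the two posted logs; the
sample lines at the bottom are constructed from them.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Malwarebytes result line: <path> (<threat>) [-> Data: <value>] -> <action>
MBAM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\)(?: -> Data: (?P<data>\S+))? -> (?P<action>.+)$"
)
# Kaspersky Online Scanner line: <path> Infected: <threat> <count>
KAV_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# TDSS dropped randomly named DLLs into the print-processor directory.
PRTPROCS_RE = re.compile(r"\\spool\\prtprocs\\w32x86\\[^\\]+\.dll$", re.IGNORECASE)
# Assumed list of Windows binaries worth a near-name comparison.
KNOWN_SYSTEM_FILES = ("kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll",
                      "services.exe", "svchost.exe", "explorer.exe")


@dataclass
class Finding:
    path: str
    threat: str
    data: Optional[str] = None  # only set for MBAM "Registry Data Items"


def parse_mbam(text: str) -> List[Finding]:
    """Parse per-item lines of a Malwarebytes log; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            out.append(Finding(m["path"], m["threat"], m["data"]))
    return out


def parse_kaspersky(text: str) -> List[Finding]:
    """Parse 'File name / Threat / Threats count' lines of a Kaspersky report."""
    out = []
    for line in text.splitlines():
        m = KAV_RE.match(line.strip())
        if m:
            out.append(Finding(m["path"], m["threat"]))
    return out


def dns_changer_servers(findings: List[Finding]) -> List[str]:
    """DNS servers written into a Tcpip interface key by a DNSChanger.
    Resolving through attacker-controlled resolvers explains redirects and
    404s on valid domains, and blocked updates from vendor hosts."""
    servers: List[str] = []
    for f in findings:
        if f.data and f.path.lower().endswith("nameserver"):
            servers.extend(f.data.split(","))
    return servers


def print_processor_drops(findings: List[Finding]) -> List[str]:
    """Flagged DLLs under spool\\prtprocs\\w32x86; a stock install has only a few
    well-known files there, so a cluster of random names is a rootkit indicator."""
    return sorted(f.path for f in findings if PRTPROCS_RE.search(f.path))


def one_edit_apart(a: str, b: str) -> bool:
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def lookalike_system_files(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Flagged files whose name is one edit away from a well-known Windows binary."""
    hits = []
    for f in findings:
        name = f.path.rsplit("\\", 1)[-1].lower()
        for legit in KNOWN_SYSTEM_FILES:
            if one_edit_apart(name, legit):
                hits.append((f.path, legit))
    return hits


def triage(mbam_text: str, kav_text: str) -> Dict[str, object]:
    """Combine both logs and run the three checks above."""
    findings = parse_mbam(mbam_text) + parse_kaspersky(kav_text)
    return {
        "threat_counts": Counter(f.threat for f in findings),
        "dns_servers": dns_changer_servers(findings),
        "prtprocs_dlls": print_processor_drops(findings),
        "lookalikes": lookalike_system_files(findings),
    }


# Constructed sample input, copied from lines in the two logs above.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b0f31e43-512b-499e-aaa1-e7828f7c5d43}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.228,93.188.166.208 -> Quarantined and deleted successfully.
C:\Windows\System32\ernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""
KAV_SAMPLE = r"""
C:\Users\Mike\AppData\Roaming\czqvcv.exe Infected: Trojan.Win32.Buzus.epmh 1
C:\Windows\System32\spool\prtprocs\w32x86\17aAA7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\17qG1i.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\1g93a7.dll Infected: Backdoor.Win32.TDSS.xb 1
C:\Windows\System32\spool\prtprocs\w32x86\31m9gMY9.dll Infected: Backdoor.Win32.TDSS.xb 1
N:\Downloads\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
"""

if __name__ == "__main__":
    for key, value in triage(MBAM_SAMPLE, KAV_SAMPLE).items():
        print(f"{key}: {value}")
```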

Re: Unable to access Windows Update

Unread postby askey127 » August 14th, 2010, 5:56 am

mgpatton4,
Right click RKill and choose "Run as administrator"
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Click on your Trend Micro Antivirus icon and disable Real Time protection before proceeding.
    Instructions are here if you need them:
    http://esupport.trendmicro.com/Pages/Ho ... 38331.aspx
  • Now start ComboFix (zzz.exe) and run a scan with it
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Reenable your protection software and post the log in your next reply
A copy of the log will be located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 14th, 2010, 1:01 pm

Askey127,

I ran ComboFix as instructed. Here is the log:

ComboFix 10-08-12.03 - Mike 08/14/2010 9:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1791 [GMT -6:00]
Running from: c:\users\Mike\Desktop\zzz.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrator\AppData\Local\unzip.exe
c:\users\Administrator\AppData\Roaming\9d024476.exe
c:\windows\system32\%appdata%
c:\windows\system32\service
c:\windows\system32\service\04042010_TIS17_SfFniAU.log
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\09042009_TIS17_SfFniAU.log
c:\windows\system32\service\15012010_TIS17_SfFniAU.log
c:\windows\system32\service\16072010_TIS17_SfFniAU.log
c:\windows\system32\service\19072010_TIS17_SfFniAU.log
c:\windows\system32\service\24072010_TIS17_SfFniAU.log
c:\windows\system32\service\25072010_TIS17_SfFniAU.log
c:\windows\system32\service\31052010_TIS17_SfFniAU.log
c:\windows\system32\service\31072010_TIS17_SfFniAU.log
O:\install.exe

----- File Replicators -----

.
.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 15:30 . 2010-08-14 16:28 -------- d-----w- c:\users\Mike\AppData\Local\temp
2010-08-14 15:30 . 2010-08-14 15:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-14 15:30 . 2010-08-14 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 15:30 . 2010-08-14 15:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-11 00:36 . 2010-08-11 00:36 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2010-08-11 00:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 00:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 00:36 . 2010-08-11 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 02:12 . 2009-12-04 16:05 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-08-10 02:12 . 2009-12-04 16:39 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-08-10 02:12 . 2009-12-04 16:38 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-08-10 01:32 . 2010-08-10 01:33 -------- d-----w- C:\rsit
2010-08-07 03:06 . 2010-08-12 09:01 -------- d-----w- c:\windows\system32\catroot2
2010-08-04 13:16 . 2010-08-04 13:16 -------- d-----w- c:\users\Mike\AppData\Roaming\Silicondust
2010-08-04 13:15 . 2010-08-04 13:15 -------- d-----w- c:\program files\Silicondust
2010-08-01 03:10 . 2010-07-23 23:22 43008 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-01 03:10 . 2010-07-23 23:22 1496064 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-01 03:10 . 2010-07-23 23:22 338944 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-01 03:10 . 2010-07-23 23:22 346112 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-01 01:26 . 2010-08-01 01:26 74240 ----a-w- c:\users\Administrator\AppData\Local\Ken_loading2.exe
2010-08-01 01:26 . 2010-08-01 01:26 74240 ----a-w- c:\users\Administrator\AppData\Local\Ken_loading1.exe
2010-08-01 01:26 . 2010-08-01 01:26 173320 ----a-w- c:\users\Administrator\AppData\Local\PcModCtl.exe
2010-08-01 01:26 . 2010-08-01 01:26 126072 ----a-w- c:\users\Administrator\AppData\Local\download.exe
2010-08-01 00:59 . 2010-08-01 00:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-08-01 00:59 . 2010-07-05 15:25 45568 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\S93sK9y.dll
2010-08-01 00:41 . 2010-07-05 15:25 45568 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\qG317k3.dll
2010-07-31 19:57 . 2010-07-05 15:25 45568 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\31m9gMY9.dll
2010-07-31 15:15 . 2010-07-05 15:25 45568 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\uOCEI7.dll
2010-07-30 23:57 . 2010-07-30 23:57 -------- d-----w- c:\program files\iPod
2010-07-30 23:57 . 2010-07-30 23:58 -------- d-----w- c:\program files\iTunes
2010-07-23 23:18 . 2010-07-23 23:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-23 23:17 . 2010-07-23 23:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-23 23:12 . 2010-07-23 23:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-22 00:33 . 2010-07-22 00:33 -------- d-----w- c:\program data\Yahoo!
2010-07-22 00:33 . 2010-07-22 00:33 -------- d-----w- C:\Program Data
2010-07-22 00:33 . 2010-04-20 22:45 607472 ----a-w- c:\program data\Yahoo!\YUpdater\yupdater.exe
2010-07-20 01:14 . 2010-08-07 03:50 -------- d-----w- c:\program files\Trend Micro
2010-07-20 01:09 . 2010-07-20 01:09 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-07-20 01:09 . 2010-07-20 01:09 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-07-20 01:09 . 2010-07-20 01:09 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-07-20 01:09 . 2010-07-20 01:09 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-07-20 01:09 . 2010-07-20 01:09 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-20 01:09 . 2010-07-20 01:09 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-07-17 00:38 . 2010-07-17 00:38 -------- d--h--w- c:\windows\PIF
2010-07-17 00:16 . 2009-05-22 06:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 15:31 . 2009-04-04 20:28 5361 ----a-w- c:\windows\bthservsdp.dat
2010-08-13 01:47 . 2009-01-29 07:24 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 09:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 01:00 . 2008-05-13 17:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 04:21 . 2008-05-05 18:34 -------- d-----w- c:\program files\Google
2010-08-07 02:39 . 2009-05-29 02:42 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-08-01 00:59 . 2009-07-28 03:10 74832 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 23:57 . 2009-05-10 18:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 23:43 . 2009-06-30 02:03 -------- d-----w- c:\program files\The Rosetta Stone
2010-07-30 02:44 . 2008-05-05 18:33 -------- d-----w- c:\program files\Java
2010-07-30 02:44 . 2008-05-05 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-30 02:30 . 2009-04-04 20:49 -------- d-----w- c:\program files\Common Files\Logishrd
2010-07-30 02:27 . 2009-04-04 20:49 -------- d-----w- c:\program files\Logitech
2010-07-30 02:26 . 2010-06-26 20:52 -------- d-----w- c:\program files\Common Files\LWS
2010-07-30 02:00 . 2009-09-13 18:14 -------- d-----w- c:\program files\imeem
2010-07-30 01:56 . 2008-05-05 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 23:23 . 2009-04-04 00:32 74832 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-23 00:02 . 2009-04-04 01:13 -------- d-----w- c:\program files\Yahoo!
2010-07-22 00:37 . 2009-04-04 03:56 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
2010-07-17 11:00 . 2010-05-15 02:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 22:22 . 2010-07-10 16:26 -------- d-----w- c:\users\Mike\AppData\Roaming\GARMIN
2010-07-05 21:57 . 2010-07-05 00:00 -------- d-----w- c:\users\Mike\AppData\Roaming\PCF-VLC
2010-07-05 15:09 . 2010-07-05 15:09 516096 --sh--r- c:\users\Mike\AppData\Roaming\czqvcv.exe
2010-07-05 15:09 . 2010-07-05 15:09 516096 --sh--r- c:\users\Mike\AppData\Roaming\czqvcv.exe
2010-07-05 15:09 . 2010-07-05 15:09 516096 --sh--r- c:\users\Administrator\AppData\Roaming\czqvcv.exe
2010-07-05 15:09 . 2010-07-05 15:09 516096 --sh--r- c:\users\Administrator\AppData\Roaming\czqvcv.exe
2010-07-05 00:07 . 2009-05-26 00:19 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-07-05 00:06 . 2009-05-26 00:18 -------- d-----w- c:\program files\Brother
2010-07-04 21:47 . 2010-07-04 21:47 -------- d-----w- c:\users\Mike\AppData\Roaming\Participatory Culture Foundation
2010-06-29 02:51 . 2010-06-29 02:51 -------- d-----w- c:\users\Mike\AppData\Roaming\Soluto
2010-06-26 14:46 . 2009-01-29 07:28 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 14:27 . 2009-10-30 19:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-26 06:05 . 2010-08-12 00:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 00:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 00:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 00:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 00:21 . 2010-03-31 00:13 439816 ----a-w- c:\users\Mike\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-21 13:37 . 2010-08-12 00:19 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 00:19 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 00:19 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 00:19 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-18 00:37 . 2010-06-18 00:37 -------- d-----w- c:\program files\Bonjour
2010-06-16 16:04 . 2010-08-12 00:19 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 00:19 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 00:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 00:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 00:19 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 20:08 . 2010-08-12 00:19 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-12 00:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 00:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 22:35 . 2010-05-18 22:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35 . 2010-05-18 22:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-04 00:31 . 2009-04-04 00:31 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-04-04 00:31 . 2009-04-04 00:31 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"Google Update"="c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-23 135664]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-26 160328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-26 160328]

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-4 813584]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2010-1-13 283112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,34,08,4d,0d,e0,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys [2010-01-13 562152]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys [2010-01-13 461288]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys [2010-01-13 791528]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-07-20 146448]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-07-20 283152]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:35]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:35]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 16:25]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Mike\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 10:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ce,a9,78,0b,89,78,45,bf,57,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ce,a9,78,0b,89,78,45,bf,57,12,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(4880)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apricorn\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\AVANQU~2\Fix-It\mxtask.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\progra~1\AVANQU~2\Fix-It\mxtask2.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\RtHDVCpl.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-14 10:35:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 16:35

Pre-Run: 218,212,675,584 bytes free
Post-Run: 220,711,321,600 bytes free

- - End Of File - - 57C515E33073964BA2B06A2C3BC29EEE
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am

Re: Unable to access Windows Update

Unread postby askey127 » August 14th, 2010, 3:01 pm

mgpatton4,
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code:
    File::
    C:\Users\Administrator\AppData\Roaming\9d024476.exe
    C:\Users\Administrator\AppData\Roaming\czqvcv.exe
    C:\Users\Mike\AppData\Roaming\czqvcv.exe
    C:\Windows\System32\spool\prtprocs\w32x86\17aAA7.dll
    C:\Windows\System32\spool\prtprocs\w32x86\17qG1i.dll
    C:\Windows\System32\spool\prtprocs\w32x86\1g93a7.dll
    C:\Windows\System32\spool\prtprocs\w32x86\31m9gMY9.dll
    C:\Windows\System32\spool\prtprocs\w32x86\3e7aAA7k.dll
    C:\Windows\System32\spool\prtprocs\w32x86\3mY9c179.dll
    C:\Windows\System32\spool\prtprocs\w32x86\555sK.dll
    C:\Windows\System32\spool\prtprocs\w32x86\7931eI3.dll
    C:\Windows\System32\spool\prtprocs\w32x86\79qGMYW.dll
    C:\Windows\System32\spool\prtprocs\w32x86\7oC1sK3.dll
    C:\Windows\System32\spool\prtprocs\w32x86\9u1mY31o9.dll
    C:\Windows\System32\spool\prtprocs\w32x86\IQG7i31q9.dll
    C:\Windows\System32\spool\prtprocs\w32x86\k17g3i7q.dll
    C:\Windows\System32\spool\prtprocs\w32x86\K317w3u79.dll
    C:\Windows\System32\spool\prtprocs\w32x86\M5555.dll
    C:\Windows\System32\spool\prtprocs\w32x86\MYWSKU1m9.dll
    C:\Windows\System32\spool\prtprocs\w32x86\oC179yWSK.dll
    C:\Windows\System32\spool\prtprocs\w32x86\oCE793eIQ.dll
    C:\Windows\System32\spool\prtprocs\w32x86\qG317k3.dll
    C:\Windows\System32\spool\prtprocs\w32x86\S793u7.dll
    C:\Windows\System32\spool\prtprocs\w32x86\S93sK9y.dll
    C:\Windows\System32\spool\prtprocs\w32x86\uOCEI7.dll
    C:\Windows\System32\spool\prtprocs\w32x86\w17yW17y.dll
    C:\Windows\System32\spool\prtprocs\w32x86\wS5e5.dll
    C:\Windows\System32\spool\prtprocs\w32x86\yW55y.dll
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 14th, 2010, 8:29 pm

Here are the results:

ComboFix 10-08-14.02 - Mike 08/14/2010 18:00:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1741 [GMT -6:00]
Running from: c:\users\Mike\Desktop\zzz.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Administrator\AppData\Roaming\9d024476.exe"
"c:\users\Administrator\AppData\Roaming\czqvcv.exe"
"c:\users\Mike\AppData\Roaming\czqvcv.exe"
"c:\windows\System32\spool\prtprocs\w32x86\17aAA7.dll"
"c:\windows\System32\spool\prtprocs\w32x86\17qG1i.dll"
"c:\windows\System32\spool\prtprocs\w32x86\1g93a7.dll"
"c:\windows\System32\spool\prtprocs\w32x86\31m9gMY9.dll"
"c:\windows\System32\spool\prtprocs\w32x86\3e7aAA7k.dll"
"c:\windows\System32\spool\prtprocs\w32x86\3mY9c179.dll"
"c:\windows\System32\spool\prtprocs\w32x86\555sK.dll"
"c:\windows\System32\spool\prtprocs\w32x86\7931eI3.dll"
"c:\windows\System32\spool\prtprocs\w32x86\79qGMYW.dll"
"c:\windows\System32\spool\prtprocs\w32x86\7oC1sK3.dll"
"c:\windows\System32\spool\prtprocs\w32x86\9u1mY31o9.dll"
"c:\windows\System32\spool\prtprocs\w32x86\IQG7i31q9.dll"
"c:\windows\System32\spool\prtprocs\w32x86\k17g3i7q.dll"
"c:\windows\System32\spool\prtprocs\w32x86\K317w3u79.dll"
"c:\windows\System32\spool\prtprocs\w32x86\M5555.dll"
"c:\windows\System32\spool\prtprocs\w32x86\MYWSKU1m9.dll"
"c:\windows\System32\spool\prtprocs\w32x86\oC179yWSK.dll"
"c:\windows\System32\spool\prtprocs\w32x86\oCE793eIQ.dll"
"c:\windows\System32\spool\prtprocs\w32x86\qG317k3.dll"
"c:\windows\System32\spool\prtprocs\w32x86\S793u7.dll"
"c:\windows\System32\spool\prtprocs\w32x86\S93sK9y.dll"
"c:\windows\System32\spool\prtprocs\w32x86\uOCEI7.dll"
"c:\windows\System32\spool\prtprocs\w32x86\w17yW17y.dll"
"c:\windows\System32\spool\prtprocs\w32x86\wS5e5.dll"
"c:\windows\System32\spool\prtprocs\w32x86\yW55y.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrator\AppData\Roaming\czqvcv.exe
c:\users\Mike\AppData\Roaming\czqvcv.exe
c:\windows\System32\spool\prtprocs\w32x86\17aAA7.dll
c:\windows\System32\spool\prtprocs\w32x86\17qG1i.dll
c:\windows\System32\spool\prtprocs\w32x86\1g93a7.dll
c:\windows\System32\spool\prtprocs\w32x86\31m9gMY9.dll
c:\windows\System32\spool\prtprocs\w32x86\3e7aAA7k.dll
c:\windows\System32\spool\prtprocs\w32x86\3mY9c179.dll
c:\windows\System32\spool\prtprocs\w32x86\555sK.dll
c:\windows\System32\spool\prtprocs\w32x86\7931eI3.dll
c:\windows\System32\spool\prtprocs\w32x86\79qGMYW.dll
c:\windows\System32\spool\prtprocs\w32x86\7oC1sK3.dll
c:\windows\System32\spool\prtprocs\w32x86\9u1mY31o9.dll
c:\windows\System32\spool\prtprocs\w32x86\IQG7i31q9.dll
c:\windows\System32\spool\prtprocs\w32x86\k17g3i7q.dll
c:\windows\System32\spool\prtprocs\w32x86\K317w3u79.dll
c:\windows\System32\spool\prtprocs\w32x86\M5555.dll
c:\windows\System32\spool\prtprocs\w32x86\MYWSKU1m9.dll
c:\windows\System32\spool\prtprocs\w32x86\oC179yWSK.dll
c:\windows\System32\spool\prtprocs\w32x86\oCE793eIQ.dll
c:\windows\System32\spool\prtprocs\w32x86\qG317k3.dll
c:\windows\System32\spool\prtprocs\w32x86\S793u7.dll
c:\windows\System32\spool\prtprocs\w32x86\S93sK9y.dll
c:\windows\System32\spool\prtprocs\w32x86\uOCEI7.dll
c:\windows\System32\spool\prtprocs\w32x86\w17yW17y.dll
c:\windows\System32\spool\prtprocs\w32x86\wS5e5.dll
c:\windows\System32\spool\prtprocs\w32x86\yW55y.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 00:08 . 2010-08-15 00:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-15 00:08 . 2010-08-15 00:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 00:08 . 2010-08-15 00:08 -------- d-----w- c:\users\Mike\AppData\Local\temp
2010-08-15 00:08 . 2010-08-15 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 00:08 . 2010-08-15 00:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-11 00:36 . 2010-08-11 00:36 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2010-08-11 00:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 00:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 00:36 . 2010-08-11 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 02:12 . 2009-12-04 16:05 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-08-10 02:12 . 2009-12-04 16:39 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-08-10 02:12 . 2009-12-04 16:38 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-08-10 01:32 . 2010-08-10 01:33 -------- d-----w- C:\rsit
2010-08-07 03:06 . 2010-08-12 09:01 -------- d-----w- c:\windows\system32\catroot2
2010-08-04 13:16 . 2010-08-04 13:16 -------- d-----w- c:\users\Mike\AppData\Roaming\Silicondust
2010-08-04 13:15 . 2010-08-04 13:15 -------- d-----w- c:\program files\Silicondust
2010-08-01 03:10 . 2010-07-23 23:22 43008 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-01 03:10 . 2010-07-23 23:22 1496064 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-01 03:10 . 2010-07-23 23:22 338944 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-01 03:10 . 2010-07-23 23:22 346112 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-01 01:26 . 2010-08-01 01:26 74240 ----a-w- c:\users\Administrator\AppData\Local\Ken_loading2.exe
2010-08-01 01:26 . 2010-08-01 01:26 74240 ----a-w- c:\users\Administrator\AppData\Local\Ken_loading1.exe
2010-08-01 01:26 . 2010-08-01 01:26 173320 ----a-w- c:\users\Administrator\AppData\Local\PcModCtl.exe
2010-08-01 01:26 . 2010-08-01 01:26 126072 ----a-w- c:\users\Administrator\AppData\Local\download.exe
2010-08-01 00:59 . 2010-08-01 00:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-07-30 23:57 . 2010-07-30 23:57 -------- d-----w- c:\program files\iPod
2010-07-30 23:57 . 2010-07-30 23:58 -------- d-----w- c:\program files\iTunes
2010-07-23 23:18 . 2010-07-23 23:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-23 23:17 . 2010-07-23 23:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-23 23:12 . 2010-07-23 23:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-22 00:33 . 2010-07-22 00:33 -------- d-----w- c:\program data\Yahoo!
2010-07-22 00:33 . 2010-07-22 00:33 -------- d-----w- C:\Program Data
2010-07-22 00:33 . 2010-04-20 22:45 607472 ----a-w- c:\program data\Yahoo!\YUpdater\yupdater.exe
2010-07-20 01:14 . 2010-08-07 03:50 -------- d-----w- c:\program files\Trend Micro
2010-07-20 01:09 . 2010-07-20 01:09 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-07-20 01:09 . 2010-07-20 01:09 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-07-20 01:09 . 2010-07-20 01:09 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-07-20 01:09 . 2010-07-20 01:09 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-07-20 01:09 . 2010-07-20 01:09 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-20 01:09 . 2010-07-20 01:09 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-07-17 00:38 . 2010-07-17 00:38 -------- d--h--w- c:\windows\PIF
2010-07-17 00:16 . 2009-05-22 06:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 23:45 . 2009-04-04 20:28 5361 ----a-w- c:\windows\bthservsdp.dat
2010-08-13 01:47 . 2009-01-29 07:24 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 09:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 01:00 . 2008-05-13 17:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 04:21 . 2008-05-05 18:34 -------- d-----w- c:\program files\Google
2010-08-07 02:39 . 2009-05-29 02:42 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-08-01 00:59 . 2009-07-28 03:10 74832 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 23:57 . 2009-05-10 18:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 23:43 . 2009-06-30 02:03 -------- d-----w- c:\program files\The Rosetta Stone
2010-07-30 02:44 . 2008-05-05 18:33 -------- d-----w- c:\program files\Java
2010-07-30 02:44 . 2008-05-05 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-30 02:30 . 2009-04-04 20:49 -------- d-----w- c:\program files\Common Files\Logishrd
2010-07-30 02:27 . 2009-04-04 20:49 -------- d-----w- c:\program files\Logitech
2010-07-30 02:26 . 2010-06-26 20:52 -------- d-----w- c:\program files\Common Files\LWS
2010-07-30 02:00 . 2009-09-13 18:14 -------- d-----w- c:\program files\imeem
2010-07-30 01:56 . 2008-05-05 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 23:23 . 2009-04-04 00:32 74832 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-23 00:02 . 2009-04-04 01:13 -------- d-----w- c:\program files\Yahoo!
2010-07-22 00:37 . 2009-04-04 03:56 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
2010-07-17 11:00 . 2010-05-15 02:22 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 22:22 . 2010-07-10 16:26 -------- d-----w- c:\users\Mike\AppData\Roaming\GARMIN
2010-07-05 21:57 . 2010-07-05 00:00 -------- d-----w- c:\users\Mike\AppData\Roaming\PCF-VLC
2010-07-05 00:07 . 2009-05-26 00:19 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-07-05 00:06 . 2009-05-26 00:18 -------- d-----w- c:\program files\Brother
2010-07-04 21:47 . 2010-07-04 21:47 -------- d-----w- c:\users\Mike\AppData\Roaming\Participatory Culture Foundation
2010-06-29 02:51 . 2010-06-29 02:51 -------- d-----w- c:\users\Mike\AppData\Roaming\Soluto
2010-06-26 14:46 . 2009-01-29 07:28 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 14:27 . 2009-10-30 19:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-26 06:05 . 2010-08-12 00:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 00:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 00:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 00:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 00:21 . 2010-03-31 00:13 439816 ----a-w- c:\users\Mike\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-21 13:37 . 2010-08-12 00:19 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 00:19 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 00:19 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 00:19 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-18 00:37 . 2010-06-18 00:37 -------- d-----w- c:\program files\Bonjour
2010-06-16 16:04 . 2010-08-12 00:19 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 00:19 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 00:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 00:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 00:19 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 20:08 . 2010-08-12 00:19 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-12 00:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 00:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 22:35 . 2010-05-18 22:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35 . 2010-05-18 22:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-04 00:31 . 2009-04-04 00:31 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-04-04 00:31 . 2009-04-04 00:31 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 334224]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"Google Update"="c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-23 135664]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-26 160328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-26 160328]

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-4 813584]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2010-1-13 283112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,34,08,4d,0d,e0,c9,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-20 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-07-20 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-07-20 689416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys [2010-01-13 562152]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys [2010-01-13 461288]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys [2010-01-13 791528]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-07-20 146448]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-07-20 283152]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:35]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:35]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 16:25]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648317281-1878308405-4135220662-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sage2ggh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Mike\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ce,a9,78,0b,89,78,45,bf,57,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ce,a9,78,0b,89,78,45,bf,57,12,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-08-14 18:11:06
ComboFix-quarantined-files.txt 2010-08-15 00:11
ComboFix2.txt 2010-08-14 16:35

Pre-Run: 221,308,604,416 bytes free
Post-Run: 221,269,397,504 bytes free

- - End Of File - - FE389B1CD8FAC1213B4D980004506097
mgpatton4
Active Member
Posts: 10
Joined: August 7th, 2010, 1:10 am

Re: Unable to access Windows Update

Unread postby askey127 » August 14th, 2010, 9:53 pm

mgpatton4,
--------------------------------------------
TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop, then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 14th, 2010, 10:53 pm

There were no malicious objects found. Here is the log:

2010/08/14 20:50:28.0521 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/14 20:50:28.0521 ================================================================================
2010/08/14 20:50:28.0521 SystemInfo:
2010/08/14 20:50:28.0521
2010/08/14 20:50:28.0521 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/14 20:50:28.0521 Product type: Workstation
2010/08/14 20:50:28.0521 ComputerName: LAPTOP
2010/08/14 20:50:28.0521 UserName: Mike
2010/08/14 20:50:28.0521 Windows directory: C:\Windows
2010/08/14 20:50:28.0521 System windows directory: C:\Windows
2010/08/14 20:50:28.0521 Processor architecture: Intel x86
2010/08/14 20:50:28.0522 Number of processors: 2
2010/08/14 20:50:28.0522 Page size: 0x1000
2010/08/14 20:50:28.0522 Boot type: Normal boot
2010/08/14 20:50:28.0522 ================================================================================
2010/08/14 20:50:29.0514 Initialize success
2010/08/14 20:50:36.0565 ================================================================================
2010/08/14 20:50:36.0565 Scan started
2010/08/14 20:50:36.0565 Mode: Manual;
2010/08/14 20:50:36.0565 ================================================================================
2010/08/14 20:50:51.0334 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/08/14 20:50:51.0381 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/14 20:50:51.0451 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/14 20:50:51.0556 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/14 20:50:51.0642 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/14 20:50:51.0759 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/14 20:50:51.0821 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/14 20:50:51.0877 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/08/14 20:50:51.0986 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/14 20:50:52.0164 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/14 20:50:52.0236 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/08/14 20:50:52.0354 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/14 20:50:52.0437 ndasbus (c5cfa28cdb752d71a3f1940458886ed4) C:\Windows\system32\DRIVERS\ndasbus.sys
2010/08/14 20:50:52.0583 ndasfat (1f5872cd8eea9f3906c4b01c70a11dc4) C:\Windows\system32\DRIVERS\ndasfat.sys
2010/08/14 20:50:52.0650 ndasfs (343756f332eb1159c60b175bf49a0858) C:\Windows\system32\DRIVERS\ndasfs.sys
2010/08/14 20:50:52.0762 ndasrofs (2ee444370ef4a542282aa96789ea50e6) C:\Windows\system32\DRIVERS\ndasrofs.sys
2010/08/14 20:50:52.0880 ndasscsi (6f4ec815a7fa64c2f4531042c6d3d54d) C:\Windows\system32\DRIVERS\ndasscsi.sys
2010/08/14 20:50:53.0033 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/08/14 20:50:53.0075 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/14 20:50:53.0184 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/14 20:50:53.0265 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/14 20:50:53.0379 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/14 20:50:53.0436 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/14 20:50:53.0477 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/14 20:50:53.0642 netr28 (d9f2ebe53fe0647a9a9383590bbf0cb2) C:\Windows\system32\DRIVERS\netr28.sys
2010/08/14 20:50:53.0730 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/14 20:50:53.0830 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/08/14 20:50:53.0879 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/14 20:50:54.0000 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/08/14 20:50:54.0106 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/14 20:50:54.0172 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/14 20:50:54.0223 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/14 20:50:54.0286 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/14 20:50:54.0394 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/14 20:50:54.0496 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/08/14 20:50:54.0591 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/14 20:50:54.0695 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/08/14 20:50:54.0737 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/14 20:50:54.0812 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/08/14 20:50:54.0896 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/08/14 20:50:54.0936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/14 20:50:55.0040 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/14 20:50:55.0280 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/14 20:50:55.0335 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2010/08/14 20:50:55.0419 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/14 20:50:55.0504 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/14 20:50:55.0620 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/14 20:50:55.0851 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/14 20:50:55.0935 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/14 20:50:55.0988 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/14 20:50:56.0038 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/14 20:50:56.0141 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/14 20:50:56.0194 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/14 20:50:56.0251 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/14 20:50:56.0331 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/14 20:50:56.0397 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/14 20:50:56.0460 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/14 20:50:56.0553 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/08/14 20:50:56.0713 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/08/14 20:50:56.0812 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/14 20:50:56.0935 RTL8169 (912c0a8c7e9b2467cf6dae1b64b72779) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/08/14 20:50:57.0008 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
2010/08/14 20:50:57.0133 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/14 20:50:57.0228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/14 20:50:57.0302 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/14 20:50:57.0348 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/14 20:50:57.0466 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/14 20:50:57.0607 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/14 20:50:57.0668 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/14 20:50:57.0786 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/14 20:50:57.0829 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/14 20:50:57.0891 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/14 20:50:57.0940 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/14 20:50:58.0053 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/14 20:50:58.0188 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/08/14 20:50:58.0339 snapman (692141d5ac9d48647fec63ac859ecd69) C:\Windows\system32\DRIVERS\snapman.sys
2010/08/14 20:50:58.0392 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/14 20:50:58.0497 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/08/14 20:50:58.0531 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/14 20:50:58.0578 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/14 20:50:58.0686 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2010/08/14 20:50:58.0813 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2010/08/14 20:50:58.0920 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/14 20:50:59.0008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/14 20:50:59.0061 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/14 20:50:59.0202 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/14 20:50:59.0293 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/14 20:50:59.0524 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/08/14 20:50:59.0807 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/14 20:50:59.0913 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/14 20:50:59.0996 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/08/14 20:51:00.0054 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/14 20:51:00.0175 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/14 20:51:00.0241 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/14 20:51:00.0295 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/14 20:51:00.0443 tifsfilter (1d4e8d7041ca9069f65e132249a81b6d) C:\Windows\system32\DRIVERS\tifsfilt.sys
2010/08/14 20:51:00.0512 timounter (f86ff17a6f9ebd4d8c2fec4b6d0a4787) C:\Windows\system32\DRIVERS\timntr.sys
2010/08/14 20:51:00.0620 tmactmon (582f43830daa5d9aad7aa514843d8905) C:\Windows\system32\DRIVERS\tmactmon.sys
2010/08/14 20:51:00.0699 tmcomm (949ef0df929a71d6cc77494dfcb1ddeb) C:\Windows\system32\DRIVERS\tmcomm.sys
2010/08/14 20:51:00.0843 tmevtmgr (9d38ac83d56f9b5274a65d2666da9779) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2010/08/14 20:51:00.0907 tmlwf (4e87d02e56e9b1af831c5d521597d629) C:\Windows\system32\DRIVERS\tmlwf.sys
2010/08/14 20:51:01.0040 tmpreflt (c7c7959ec0940e0eddfc881fed8ec214) C:\Windows\system32\DRIVERS\tmpreflt.sys
2010/08/14 20:51:01.0128 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys
2010/08/14 20:51:01.0276 tmwfp (d9882fd91b7c4c35acaa8498d1f3cd68) C:\Windows\system32\DRIVERS\tmwfp.sys
2010/08/14 20:51:01.0444 tmxpflt (3e615f370f0c7db414b6bcd1c18399d4) C:\Windows\system32\DRIVERS\tmxpflt.sys
2010/08/14 20:51:01.0681 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/08/14 20:51:01.0761 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/14 20:51:01.0818 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/14 20:51:01.0924 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/14 20:51:01.0981 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/08/14 20:51:02.0039 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/14 20:51:02.0173 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/14 20:51:02.0297 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/14 20:51:02.0416 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/14 20:51:02.0499 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/14 20:51:02.0564 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/14 20:51:02.0687 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/14 20:51:02.0788 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/14 20:51:02.0923 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/08/14 20:51:03.0017 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/14 20:51:03.0135 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/14 20:51:03.0195 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/14 20:51:03.0266 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/14 20:51:03.0398 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/14 20:51:03.0462 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/14 20:51:03.0604 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/14 20:51:03.0672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/14 20:51:03.0751 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/14 20:51:03.0866 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/14 20:51:03.0933 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/08/14 20:51:04.0073 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/14 20:51:04.0140 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/14 20:51:04.0223 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/14 20:51:04.0286 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/14 20:51:04.0392 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/14 20:51:04.0453 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/14 20:51:04.0530 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/08/14 20:51:04.0630 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/08/14 20:51:04.0717 vsapint (60dfbc34228ca36221b03460789f5d4e) C:\Windows\system32\DRIVERS\vsapint.sys
2010/08/14 20:51:04.0894 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/14 20:51:04.0990 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/14 20:51:05.0033 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 20:51:05.0069 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 20:51:05.0171 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/14 20:51:05.0260 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/14 20:51:05.0483 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/14 20:51:05.0647 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/14 20:51:05.0758 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/14 20:51:05.0853 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/08/14 20:51:05.0991 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/14 20:51:06.0079 ================================================================================
2010/08/14 20:51:06.0079 Scan finished
2010/08/14 20:51:06.0079 ================================================================================
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am
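The TDSSKiller driver listing above is one line per kernel service ("timestamp, service name, MD5 of the image, image path"). The two things a helper usually checks by eye are services that share one image file (for example Tcpip/Tcpip6 and Wanarp/Wanarpv6, which are legitimate aliases) and drivers loaded from somewhere other than the normal driver directories. The following parser is an added example written for this page, not a tool from the thread or from Kaspersky; the set of "expected" directories is my own assumption for a 32-bit Vista install, and the sample log consists of lines copied from the listing above.

```python
import re
from collections import defaultdict

# One TDSSKiller driver line: "<timestamp> <service name> (<md5>) <image path>".
_DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: directories where kernel-mode service images normally live on a
# 32-bit Vista box (lower-cased; compared against the directory part of each path).
EXPECTED_DRIVER_DIRS = {
    "c:\\windows\\system32\\drivers",
    "c:\\windows\\system32",
}

# Lines copied from the TDSSKiller log above (the separator and "Scan finished"
# lines are there to show that non-driver lines are skipped).
SAMPLE_LOG = r"""
2010/08/14 20:50:58.0813 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2010/08/14 20:50:59.0524 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/08/14 20:50:59.0807 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/14 20:51:05.0033 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 20:51:05.0069 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 20:51:06.0079 ================================================================================
2010/08/14 20:51:06.0079 Scan finished
"""


def parse_tdsskiller(text):
    """Return one dict per driver line; separator and 'Scan finished' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _DRIVER_LINE.match(line.strip())
        if m:
            entries.append({
                "service": m["service"],
                "md5": m["md5"].lower(),
                "path": m["path"],
            })
    return entries


def find_shared_images(entries):
    """Map each MD5 that backs more than one service name to those names, in log order."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["service"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def find_unusual_locations(entries):
    """(service, path) pairs whose image directory is not one of EXPECTED_DRIVER_DIRS."""
    flagged = []
    for e in entries:
        # Paths are Windows-style; split on the last backslash rather than os.path.
        directory = e["path"].lower().rsplit("\\", 1)[0]
        if directory not in EXPECTED_DRIVER_DIRS:
            flagged.append((e["service"], e["path"]))
    return flagged


if __name__ == "__main__":
    drivers = parse_tdsskiller(SAMPLE_LOG)
    print("%d drivers parsed" % len(drivers))
    for md5, names in find_shared_images(drivers).items():
        print("shared image %s: %s" % (md5, ", ".join(names)))
    for service, path in find_unusual_locations(drivers):
        print("unusual location: %s -> %s" % (service, path))
```

A shared hash only means two service names point at the same bytes, which is normal for the IPv4/IPv6 pairs shown; an unusual directory (here the Toshiba recovery driver under System32\sysprep) is a prompt to check the file's signature and vendor, not a verdict on its own.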

Re: Unable to access Windows Update

Unread postby askey127 » August 15th, 2010, 7:55 am

mgpatton4
That's good !
Now all we need to do is be sure you have no leftover files as a result of the TidServ (TDSS) infection.
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow the gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below (not reproduced here)
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.
-----------------------------------------------------
I would like you to run the Kaspersky webscan one more time. You may be able to just right click/run as administrator on the application you already downloaded.
Otherwise please download it one more time and run it.

Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the Gmer log and the log from the Kaspersky scan.
Use separate replies if it simplifies things for you.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Unable to access Windows Update

Unread postby mgpatton4 » August 15th, 2010, 11:52 pm

askey127,

GMER caused my computer to crash every time I ran it in standard mode, so I ran it in safe mode. Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-15 13:17:34
Windows 6.0.6002 Service Pack 2
Running: c0lxjc6c.exe; Driver: C:\Users\Mike\AppData\Local\Temp\uwldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A15E000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A1A7000, 0x510, 0x40000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

Device \FileSystem\ndasrofs \NdasRofs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002761729fe
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002761729fe@001fe469984e 0x20 0x1F 0xEC 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002761729fe@0026b02dbdf8 0xD4 0x1F 0x6B 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002761729fe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002761729fe@001fe469984e 0x20 0x1F 0xEC 0xB6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002761729fe@0026b02dbdf8 0xD4 0x1F 0x6B 0xA4 ...

---- EOF - GMER 1.0.15 ----


Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 15, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 15, 2010 15:59:30
Records in database: 4131162
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Objects scanned: 189300
Threats found: 3
Infected objects found: 30
Suspicious objects found: 0
Scan duration: 03:35:29


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\9d024476.exe.vir Infected: Backdoor.Win32.TDSS.uo 1
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\czqvcv.exe.vir Infected: Trojan.Win32.Buzus.epmh 1
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Roaming\czqvcv.exe.vir Infected: Trojan.Win32.Buzus.epmh 1
C:\Qoobox\Quarantine\[4]-Submit_2010-08-14_17.59.34.zip Infected: Trojan.Win32.Buzus.epmh 2
C:\Qoobox\Quarantine\[4]-Submit_2010-08-14_17.59.34.zip Infected: Backdoor.Win32.TDSS.xb 25

Selected area has been scanned.
mgpatton4
Active Member
 
Posts: 10
Joined: August 7th, 2010, 1:10 am
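Two points in the logs above deserve a closer look than a glance gives. First, GMER's "section is writeable" line on tos_sps32.sys carries the section's raw PE Characteristics value (0xE8000020), and decoding it shows exactly why GMER complained: the .text section is mapped readable, writable and executable at once. Second, every Kaspersky hit sits under C:\Qoobox\Quarantine, which is where ComboFix stores what it already removed, so the "30 infected objects" are quarantined copies rather than live files. The script below is an added example written for this page, not code from the thread, GMER or Kaspersky. It assumes the two log line layouts as printed above (paths without spaces in the GMER lines), uses the IMAGE_SCN_* bit values from the PE/COFF specification, and treats only the ComboFix quarantine prefix as "already contained"; the last Kaspersky sample line is constructed to show how a detection outside quarantine is reported.

```python
import re

# IMAGE_SCN_* section characteristic bits from the PE/COFF specification,
# ascending so the decoded list is deterministic.
SECTION_FLAGS = [
    (0x00000020, "CNT_CODE"),
    (0x00000040, "CNT_INITIALIZED_DATA"),
    (0x00000080, "CNT_UNINITIALIZED_DATA"),
    (0x02000000, "MEM_DISCARDABLE"),
    (0x04000000, "MEM_NOT_CACHED"),
    (0x08000000, "MEM_NOT_PAGED"),
    (0x10000000, "MEM_SHARED"),
    (0x20000000, "MEM_EXECUTE"),
    (0x40000000, "MEM_READ"),
    (0x80000000, "MEM_WRITE"),
]

# GMER "Kernel code sections" line: "<section> <path> <note> [<base>, <size>, <characteristics>]".
_GMER_SECTION = re.compile(
    r"^(?P<section>\.\S+)\s+(?P<path>\S+)\s+(?P<note>.+?)\s+"
    r"\[(?P<base>0x[0-9A-Fa-f]+),\s*(?P<size>0x[0-9A-Fa-f]+),\s*(?P<chars>0x[0-9A-Fa-f]+)\]\s*$"
)

# Kaspersky Online Scanner report line: "<path> Infected: <threat name> <count>".
_KAV_HIT = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Assumption: ComboFix keeps what it removed under this folder; anything found there is already contained.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"

# Lines copied from the GMER log above.
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A15E000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A1A7000, 0x510, 0x40000040]
"""

# Five lines copied from the Kaspersky report above, plus one CONSTRUCTED line
# (constructed_sample.exe) outside the quarantine folder to exercise the "active" branch.
KASPERSKY_SAMPLE = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\9d024476.exe.vir Infected: Backdoor.Win32.TDSS.uo 1
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\czqvcv.exe.vir Infected: Trojan.Win32.Buzus.epmh 1
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Roaming\czqvcv.exe.vir Infected: Trojan.Win32.Buzus.epmh 1
C:\Qoobox\Quarantine\[4]-Submit_2010-08-14_17.59.34.zip Infected: Trojan.Win32.Buzus.epmh 2
C:\Qoobox\Quarantine\[4]-Submit_2010-08-14_17.59.34.zip Infected: Backdoor.Win32.TDSS.xb 25
C:\Users\Mike\AppData\Roaming\constructed_sample.exe Infected: Trojan.Win32.Buzus.epmh 1
"""


def decode_section_flags(value):
    """Expand a section Characteristics DWORD into the IMAGE_SCN_* names it sets."""
    names = [name for bit, name in SECTION_FLAGS if value & bit]
    known = sum(bit for bit, _ in SECTION_FLAGS)
    rest = (value & ~known) & 0xFFFFFFFF
    if rest:
        names.append("UNKNOWN_0x%08X" % rest)
    return names


def parse_gmer_sections(text):
    """Parse GMER kernel-section lines and flag code sections that are mapped writable."""
    out = []
    for line in text.splitlines():
        m = _GMER_SECTION.match(line.strip())
        if not m:
            continue
        flags = decode_section_flags(int(m["chars"], 16))
        out.append({
            "section": m["section"],
            "path": m["path"],
            "note": m["note"],
            "base": int(m["base"], 16),
            "size": int(m["size"], 16),
            "flags": flags,
            # This is the condition behind GMER's "section is writeable" note:
            # code that can also be written to at run time.
            "writable_code": "MEM_WRITE" in flags and ("MEM_EXECUTE" in flags or "CNT_CODE" in flags),
        })
    return out


def parse_kaspersky_hits(text, quarantine_prefixes=(COMBOFIX_QUARANTINE,)):
    """One dict per 'Infected:' line, marked quarantined or active by its path prefix."""
    hits = []
    for line in text.splitlines():
        m = _KAV_HIT.match(line.strip())
        if not m:
            continue
        path = m["path"]
        contained = path.lower().startswith(tuple(quarantine_prefixes))
        hits.append({"path": path, "threat": m["threat"], "count": int(m["count"]),
                     "status": "quarantined" if contained else "active"})
    return hits


def triage_hits(hits):
    """Count hits per status and list the paths that still need attention."""
    summary = {"quarantined": 0, "active": 0, "active_paths": []}
    for h in hits:
        summary[h["status"]] += 1
        if h["status"] == "active":
            summary["active_paths"].append(h["path"])
    return summary


if __name__ == "__main__":
    for s in parse_gmer_sections(GMER_SAMPLE):
        print(s["section"], s["path"], "|".join(s["flags"]), "WRITABLE CODE" if s["writable_code"] else "")
    print(triage_hits(parse_kaspersky_hits(KASPERSKY_SAMPLE)))
```

A writable code section is a heuristic, not proof of tampering: some vendor drivers (the Toshiba driver here, for instance) are linked that way, which is exactly the false-positive caveat in the GMER instructions. Likewise, a detection inside a quarantine folder needs no further cleanup beyond eventually deleting the quarantine; only the constructed "active" line would call for action.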