Solved Not sure what happened

Discussion in 'Malware and Virus Removal Archive' started by frayedknotarts, 2012/12/27.

  1. 2012/12/27
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    [Resolved] Not sure what happened

    Went to get online this AM and got repeated messages about out of memory, incorrect file name, yadda-yadda... when suddenly (after about three minutes of chasing splash windows and closing them) the unit shut down and restarted... and is now acting like the cat that ate the canary. No problems, just nice-as-pie operation... any ideas as to what could have happened?

    Here's the logs:
    .............................................
     
    Last edited: 2012/12/27
  2. 2012/12/27
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Sorry, as per our rules:

     

  4. 2012/12/27
    frayedknotarts Lifetime Subscription
    Right y' are.
    ..............................................................................................................
    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.12.27.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: OSWALDO1 [administrator]

    Protection: Enabled

    12/27/2012 10:18:07 AM
    mbam-log-2012-12-27 (10-18-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 240771
    Time elapsed: 13 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    .....................................................
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 10:41:41 on 2012-12-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2097 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Autorun Eater\billy.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.6\ytdToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\engeni~1.lnk - c:\program files\engenius\11n usb wireless lan utility\RtWLan.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267072623140
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267838780767
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{85A1305A-4AF5-47BA-9E3D-C7FA10DDC2A3} : DHCPNameServer = 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ql8q5tfq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-dlink-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - ExtSQL: 2012-12-11 12:10; wtxpcom@mybrowserbar.com; c:\program files\common files\spigot\wtxpcom
    FF - ExtSQL: 2012-12-11 12:10; ytd@mybrowserbar.com; c:\program files\ytd toolbar\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2006-9-21 120320]
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 497952]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 32640]
    R1 MpKsl10e3f862;MpKsl10e3f862;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b638337-6b72-48fe-a97a-0f92e9b78d34}\MpKsl10e3f862.sys [2012-12-27 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-1 116608]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1990464]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-26 10384]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-25 654408]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-12-26 540184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-25 22344]
    RUnknown MpKsl6d63c323;MpKsl6d63c323; [x]
    S3 cpuz128;cpuz128;\??\c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-16 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-16 3072]
    S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2012-6-2 1095824]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-11-3 605856]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-11-28 793600]
    S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
    .
    =============== File Associations ===============
    .
    ShellExec: NWC32.EXE: Open=c:\progra~1\notewo~2\NWC32.EXE
    ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
    ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
    .
    =============== Created Last 30 ================
    .
    2012-12-27 15:38:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b638337-6b72-48fe-a97a-0f92e9b78d34}\MpKsl10e3f862.sys
    2012-12-27 15:05:00 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b638337-6b72-48fe-a97a-0f92e9b78d34}\mpengine.dll
    2012-12-26 08:47:59 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-12-21 23:18:45 -------- d-----w- c:\documents and settings\administrator\application data\Rovio
    2012-12-21 23:17:26 -------- d-----w- c:\program files\Rovio
    2012-12-11 23:32:48 -------- d-----w- c:\documents and settings\administrator\application data\YTD
    2012-12-11 12:32:50 -------- d-----w- c:\documents and settings\administrator\application data\Search Settings
    2012-12-11 12:32:17 -------- d-----w- c:\program files\Application Updater
    2012-12-11 12:32:14 -------- d-----w- c:\program files\YTD Toolbar
    2012-12-11 12:32:14 -------- d-----w- c:\program files\common files\Spigot
    2012-12-05 03:08:59 68096 ----a-w- c:\program files\mozilla firefox\plugins\webex\1226\cnvtata.dll
    2012-12-01 13:24:53 -------- d-----w- c:\documents and settings\administrator\application data\NeatImage PS
    2012-11-29 01:07:09 -------- d-----w- C:\LibTaxSharedData
    2012-11-29 01:05:10 -------- d-----w- C:\LibTax 2012 November Release Installation
    .
    ==================== Find3M ====================
    .
    2012-12-11 21:05:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-11 21:05:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-24 21:16:51 8228864 ---ha-w- c:\documents and settings\administrator\ntuser.tmp
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-07 23:38:16 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-11-07 23:38:14 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-11-07 23:38:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-11-07 23:37:35 34024 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-11-07 23:37:34 301264 ----a-w- c:\windows\system32\guard32.dll
    2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    .
    ============= FINISH: 10:44:04.25 ===============

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-27 10:38:53
    -----------------------------
    10:38:53.125 OS Version: Windows 5.1.2600 Service Pack 3
    10:38:53.125 Number of processors: 2 586 0x6B02
    10:38:53.125 ComputerName: OSWALDO1 UserName:
    10:38:58.187 Initialize success
    10:39:24.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    10:39:24.640 Disk 0 Vendor: ST3250310AS 3.AHC Size: 238475MB BusType: 3
    10:39:24.640 Disk 0 MBR read successfully
    10:39:24.640 Disk 0 MBR scan
    10:39:24.640 Disk 0 Windows XP default MBR code
    10:39:24.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    10:39:24.640 Disk 0 scanning sectors +488376000
    10:39:24.703 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:39:31.328 Service scanning
    10:39:38.484 Service MpKsl10e3f862 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B638337-6B72-48FE-A97A-0F92E9B78D34}\MpKsl10e3f862.sys **LOCKED** 32
    10:39:46.796 Modules scanning
    10:39:58.953 Disk 0 trace - called modules:
    10:39:58.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys atiide.sys PCIIDEX.SYS
    10:39:58.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2f9878]
    10:39:58.968 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8b2f9490]
    10:39:58.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8b2f8940]
    10:39:58.968 Scan finished successfully
    10:40:08.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\12-27\MBR.dat"
    10:40:08.765 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\12-27\aswMBR.txt"
     
  5. 2012/12/27
    frayedknotarts Lifetime Subscription
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/26/2009 3:07:28 PM
    System Uptime: 12/27/2012 9:51:51 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0A64h
    Processor: AMD Athlon(tm) Dual Core Processor 4450B | XU1 PROCESSOR | 2294/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 170.526 GiB free.
    D: is CDROM ()
    F: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1606: 9/28/2012 11:42:03 PM - Software Distribution Service 3.0
    RP1607: 9/29/2012 3:30:03 AM - Software Distribution Service 3.0
    RP1608: 9/29/2012 11:41:05 PM - Software Distribution Service 3.0
    RP1609: 9/30/2012 3:31:33 AM - Software Distribution Service 3.0
    RP1610: 9/30/2012 11:42:08 PM - Software Distribution Service 3.0
    RP1611: 10/1/2012 3:29:30 AM - Software Distribution Service 3.0
    RP1612: 10/2/2012 12:00:14 AM - Software Distribution Service 3.0
    RP1613: 10/2/2012 3:53:41 AM - Software Distribution Service 3.0
    RP1614: 10/3/2012 12:00:18 AM - Software Distribution Service 3.0
    RP1615: 10/3/2012 3:00:20 AM - Software Distribution Service 3.0
    RP1616: 10/4/2012 12:21:56 AM - Software Distribution Service 3.0
    RP1617: 10/4/2012 8:34:02 PM - Software Distribution Service 3.0
    RP1618: 10/5/2012 12:21:45 AM - Software Distribution Service 3.0
    RP1619: 10/5/2012 8:33:57 PM - Software Distribution Service 3.0
    RP1620: 10/6/2012 12:39:28 AM - Software Distribution Service 3.0
    RP1621: 10/6/2012 8:33:57 PM - Software Distribution Service 3.0
    RP1622: 10/7/2012 12:21:47 AM - Software Distribution Service 3.0
    RP1623: 10/8/2012 1:08:53 AM - System Checkpoint
    RP1624: 10/8/2012 9:06:29 AM - Installed EnGenius 11n USB Wireless LAN Driver and Utility
    RP1625: 10/8/2012 9:24:04 AM - Software Distribution Service 3.0
    RP1626: 10/8/2012 11:44:33 PM - Software Distribution Service 3.0
    RP1627: 10/9/2012 9:21:56 AM - Software Distribution Service 3.0
    RP1628: 10/9/2012 11:44:51 PM - Software Distribution Service 3.0
    RP1629: 10/10/2012 9:22:10 AM - Software Distribution Service 3.0
    RP1630: 10/10/2012 11:45:34 PM - Software Distribution Service 3.0
    RP1631: 10/11/2012 3:00:26 AM - Software Distribution Service 3.0
    RP1632: 10/12/2012 12:25:32 AM - Software Distribution Service 3.0
    RP1633: 10/12/2012 10:39:36 AM - Software Distribution Service 3.0
    RP1634: 10/13/2012 12:21:12 AM - Software Distribution Service 3.0
    RP1635: 10/13/2012 10:39:38 AM - Software Distribution Service 3.0
    RP1636: 10/14/2012 12:41:32 AM - Software Distribution Service 3.0
    RP1637: 10/14/2012 9:11:56 AM - Removed Google Drive
    RP1638: 10/15/2012 12:14:40 AM - Software Distribution Service 3.0
    RP1639: 10/15/2012 11:54:44 AM - Removed Google Drive
    RP1640: 10/15/2012 1:03:44 PM - Software Distribution Service 3.0
    RP1641: 10/16/2012 12:14:41 AM - Software Distribution Service 3.0
    RP1642: 10/16/2012 1:03:52 PM - Software Distribution Service 3.0
    RP1643: 10/17/2012 12:14:27 AM - Software Distribution Service 3.0
    RP1644: 10/17/2012 1:03:50 PM - Software Distribution Service 3.0
    RP1645: 10/18/2012 12:14:39 AM - Software Distribution Service 3.0
    RP1646: 10/18/2012 1:03:52 PM - Software Distribution Service 3.0
    RP1647: 10/19/2012 12:14:51 AM - Software Distribution Service 3.0
    RP1648: 10/19/2012 1:04:38 PM - Software Distribution Service 3.0
    RP1649: 10/20/2012 12:14:00 AM - Software Distribution Service 3.0
    RP1650: 10/20/2012 1:03:48 PM - Software Distribution Service 3.0
    RP1651: 10/21/2012 12:14:51 AM - Software Distribution Service 3.0
    RP1652: 10/21/2012 1:03:42 PM - Software Distribution Service 3.0
    RP1653: 10/22/2012 12:14:22 AM - Software Distribution Service 3.0
    RP1654: 10/23/2012 12:14:50 AM - Software Distribution Service 3.0
    RP1655: 10/23/2012 1:03:48 PM - Software Distribution Service 3.0
    RP1656: 10/24/2012 12:14:34 AM - Software Distribution Service 3.0
    RP1657: 10/24/2012 1:03:49 PM - Software Distribution Service 3.0
    RP1658: 10/25/2012 12:14:57 AM - Software Distribution Service 3.0
    RP1659: 10/25/2012 1:03:45 PM - Software Distribution Service 3.0
    RP1660: 10/26/2012 12:15:11 AM - Software Distribution Service 3.0
    RP1661: 10/26/2012 1:03:50 PM - Software Distribution Service 3.0
    RP1662: 10/27/2012 12:14:35 AM - Software Distribution Service 3.0
    RP1663: 10/27/2012 1:03:50 PM - Software Distribution Service 3.0
    RP1664: 10/28/2012 12:24:27 AM - Software Distribution Service 3.0
    RP1665: 10/28/2012 1:03:49 PM - Software Distribution Service 3.0
    RP1666: 10/29/2012 1:08:45 PM - System Checkpoint
    RP1667: 10/30/2012 12:12:22 AM - Software Distribution Service 3.0
    RP1668: 10/31/2012 12:55:39 AM - System Checkpoint
    RP1669: 10/31/2012 10:45:04 AM - Software Distribution Service 3.0
    RP1670: 11/1/2012 11:31:21 AM - System Checkpoint
    RP1671: 11/2/2012 12:11:42 AM - Software Distribution Service 3.0
    RP1672: 11/3/2012 12:55:14 AM - System Checkpoint
    RP1673: 11/3/2012 10:44:28 AM - Software Distribution Service 3.0
    RP1674: 11/4/2012 9:56:19 AM - System Checkpoint
    RP1675: 11/5/2012 10:56:19 AM - System Checkpoint
    RP1676: 11/6/2012 11:55:14 AM - System Checkpoint
    RP1677: 11/7/2012 12:55:14 PM - System Checkpoint
    RP1678: 11/8/2012 1:53:04 PM - System Checkpoint
    RP1679: 11/9/2012 9:59:05 AM - Software Distribution Service 3.0
    RP1680: 11/9/2012 10:23:54 AM - Removed Google Earth.
    RP1681: 11/10/2012 12:04:32 AM - Software Distribution Service 3.0
    RP1682: 11/10/2012 10:00:01 AM - Software Distribution Service 3.0
    RP1683: 11/10/2012 11:57:26 PM - Software Distribution Service 3.0
    RP1684: 11/24/2012 4:04:24 PM - Software Distribution Service 3.0
    RP1685: 11/25/2012 12:21:16 AM - Software Distribution Service 3.0
    RP1686: 11/25/2012 3:00:22 AM - Software Distribution Service 3.0
    RP1687: 11/26/2012 12:00:25 AM - Software Distribution Service 3.0
    RP1688: 11/26/2012 4:05:45 AM - Software Distribution Service 3.0
    RP1689: 11/26/2012 11:52:28 PM - Software Distribution Service 3.0
    RP1690: 11/27/2012 9:07:38 AM - Software Distribution Service 3.0
    RP1691: 11/27/2012 11:51:52 PM - Software Distribution Service 3.0
    RP1692: 11/28/2012 9:07:36 AM - Software Distribution Service 3.0
    RP1693: 11/28/2012 8:09:04 PM - Installed Windows XP KB942288-v3.
    RP1694: 11/28/2012 8:52:33 PM - Software Distribution Service 3.0
    RP1695: 11/29/2012 9:47:55 PM - System Checkpoint
    RP1696: 11/30/2012 12:28:36 AM - Software Distribution Service 3.0
    RP1697: 11/30/2012 3:00:21 AM - Software Distribution Service 3.0
    RP1698: 11/30/2012 8:54:50 AM - Software Distribution Service 3.0
    RP1699: 12/1/2012 12:28:25 AM - Software Distribution Service 3.0
    RP1700: 12/1/2012 8:55:34 AM - Software Distribution Service 3.0
    RP1701: 12/2/2012 12:28:39 AM - Software Distribution Service 3.0
    RP1702: 12/2/2012 8:55:26 AM - Software Distribution Service 3.0
    RP1703: 12/3/2012 12:28:23 AM - Software Distribution Service 3.0
    RP1704: 12/3/2012 8:55:26 AM - Software Distribution Service 3.0
    RP1705: 12/4/2012 12:28:04 AM - Software Distribution Service 3.0
    RP1706: 12/4/2012 8:55:26 AM - Software Distribution Service 3.0
    RP1707: 12/5/2012 12:28:40 AM - Software Distribution Service 3.0
    RP1708: 12/5/2012 8:54:31 AM - Software Distribution Service 3.0
    RP1709: 12/6/2012 12:28:34 AM - Software Distribution Service 3.0
    RP1710: 12/6/2012 8:55:24 AM - Software Distribution Service 3.0
    RP1711: 12/7/2012 12:20:33 AM - Software Distribution Service 3.0
    RP1712: 12/7/2012 11:30:42 AM - Software Distribution Service 3.0
    RP1713: 12/8/2012 12:08:55 AM - Software Distribution Service 3.0
    RP1714: 12/8/2012 2:56:18 PM - Software Distribution Service 3.0
    RP1715: 12/9/2012 12:08:10 AM - Software Distribution Service 3.0
    RP1716: 12/9/2012 2:56:07 PM - Software Distribution Service 3.0
    RP1717: 12/10/2012 12:08:54 AM - Software Distribution Service 3.0
    RP1718: 12/10/2012 2:56:37 PM - Software Distribution Service 3.0
    RP1719: 12/11/2012 12:09:05 AM - Software Distribution Service 3.0
    RP1720: 12/11/2012 2:56:26 PM - Software Distribution Service 3.0
    RP1721: 12/12/2012 12:08:58 AM - Software Distribution Service 3.0
    RP1722: 12/12/2012 3:00:33 AM - Software Distribution Service 3.0
    RP1723: 12/12/2012 2:56:01 PM - Software Distribution Service 3.0
    RP1724: 12/13/2012 12:19:40 AM - Software Distribution Service 3.0
    RP1725: 12/13/2012 5:16:48 PM - Software Distribution Service 3.0
    RP1726: 12/14/2012 12:19:44 AM - Software Distribution Service 3.0
    RP1727: 12/14/2012 5:16:40 PM - Software Distribution Service 3.0
    RP1728: 12/15/2012 12:19:42 AM - Software Distribution Service 3.0
    RP1729: 12/15/2012 5:17:52 PM - Software Distribution Service 3.0
    RP1730: 12/16/2012 12:20:17 AM - Software Distribution Service 3.0
    RP1731: 12/17/2012 12:13:10 AM - Software Distribution Service 3.0
    RP1732: 12/17/2012 3:49:10 PM - Software Distribution Service 3.0
    RP1733: 12/18/2012 12:13:16 AM - Software Distribution Service 3.0
    RP1734: 12/18/2012 3:49:09 PM - Software Distribution Service 3.0
    RP1735: 12/19/2012 12:13:12 AM - Software Distribution Service 3.0
    RP1736: 12/19/2012 3:49:09 PM - Software Distribution Service 3.0
    RP1737: 12/20/2012 12:13:09 AM - Software Distribution Service 3.0
    RP1738: 12/20/2012 11:58:30 PM - Software Distribution Service 3.0
    RP1739: 12/21/2012 4:03:47 PM - Software Distribution Service 3.0
    RP1740: 12/21/2012 6:17:23 PM - Installed Angry Birds
    RP1741: 12/22/2012 6:08:09 AM - Installed Angry Birds Space
    RP1742: 12/23/2012 12:15:11 AM - Software Distribution Service 3.0
    RP1743: 12/24/2012 12:14:11 AM - Software Distribution Service 3.0
    RP1744: 12/25/2012 12:14:20 AM - Software Distribution Service 3.0
    RP1745: 12/25/2012 3:47:28 AM - Software Distribution Service 3.0
    RP1746: 12/26/2012 12:14:39 AM - Software Distribution Service 3.0
    RP1747: 12/26/2012 3:47:52 AM - Software Distribution Service 3.0
    RP1748: 12/27/2012 3:53:07 AM - System Checkpoint
    RP1749: 12/27/2012 10:04:45 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Absolute Accessories
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.4)
    Adobe SVG Viewer 3.0
    Angry Birds
    Angry Birds Space
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI Problem Report Wizard
    Auslogics Disk Defrag
    Autorun Eater v2.5
    AZZ Cardfile
    Broadcom Management Programs
    Broadcom TPM Driver Installer
    Brother MFL-Pro Suite MFC-490CW
    Calculator Powertoy for Windows XP
    CDDRV_Installer
    Cisco WebEx Meetings
    ClarisWorks 4.0
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    DirectX 9 Runtime
    Dual-Core Optimizer
    EASEUS Partition Master 3.5 Unlimited Edition
    EnGenius 11n USB Wireless LAN Driver and Utility
    erLT
    ESET Online Scanner v3
    FileLocator Lite 2010
    FileZilla Client 3.3.5.1
    Four Winds
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952117-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB959765)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Help and Support
    IrfanView (remove only)
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    KhalInstallWrapper
    Logitech SetPoint
    Macromedia Dreamweaver 3
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (4.0b3)
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MyTomTom 3.1.0.432
    Neat Image v6.0 Pro+
    NfoDiz 6.0 Setup
    NoteWorthy Composer
    NoteWorthy Composer 2
    OpenOffice.org 3.1
    Paint Shop Pro 6.02 ESD
    Paint.NET v3.5.10
    Panda USB Vaccine 1.0.1.4
    PaperPort Image Printer
    PDF Complete
    Pdf995
    PdfEdit995
    PrimoPDF -- brought to you by Nitro PDF Software
    PrintKey2000
    QuickTime
    Realtek High Definition Audio Driver
    Recuva
    Roxio CinePlayer Decoder Pack
    Roxio Easy Media Creator 7 Basic Edition
    Roxio Easy Video Copy and Convert 5
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Signature995
    SolSuite
    SpywareBlaster 4.6
    SUPERAntiSpyware Free Edition
    SyncToy 2.1 (x86)
    TClockEx
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    Visual Studio C++ 10.0 Runtime
    VLC media player 2.0.2
    VuePrint
    Wacom Tablet Driver
    WebEx Event Manager for Firefox or Chrome
    WebFldrs XP
    What's my computer doing 1.xx
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    WinPatrol
    WinRAR archiver
    WinZip
    Yahoo! SiteBuilder
    YTD Toolbar v6.6
    YTD Video Downloader 3.9.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/27/2012 8:31:00 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    12/27/2012 8:31:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Update\GoogleUpdate.exe. Reference error message: The operation completed successfully. .
    12/22/2012 3:36:07 AM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
    12/22/2012 12:12:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/22/2012 12:10:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/22/2012 12:09:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 cdudf_xp cmdGuard cmdHlp Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    12/22/2012 12:09:58 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2012 12:09:58 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2012 12:09:58 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2012 12:09:58 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/22/2012 12:05:09 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    12/22/2012 12:05:09 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/22/2012 12:05:08 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    12/22/2012 12:05:08 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    12/22/2012 12:05:08 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/21/2012 12:49:55 AM, error: PlugPlayManager [11] - The device Root\LEGACY_MPKSL92322739\0000 disappeared from the system without first being prepared for removal.
    .
    ==== End Of File ===========================
     
  6. 2012/12/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  7. 2012/12/27
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Was not blocked.

    Report:

    RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 12/27/2012 20:02:58

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys @ 0xAFC14640)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3250310AS +++++
    --- User ---
    [MBR] e83b8941b6ac5ca5668ffc0c30872435
    [BSP] 9d537c4cfcb595fd71159699bae0e705 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
    --- User ---
    [MBR] 99c675123683a4d01b5c1d8ae24cc0df
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 5 | Size: 244 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_12272012_02d2002.txt >>
    RKreport[1]_S_12272012_02d2002.txt ; RKreport[2]_D_12272012_02d2002.txt
     
  8. 2012/12/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. 2012/12/27
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Scan is working on affected computer, but WOW! That's a thorough little monster of a proggie!

    Will post logs as soon as...
     
  10. 2012/12/27
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    A question: the first scan is still running and it seems that 40% (ESTIMATE) of the programmes and files being scanned are .TMP files.

    Would it be permissible to run something like TEMPCLEANER between the initial and subsequent scans to speed up the subsequent?

    I'm old, and it's late and cold on the Right Coast.

    As always, sure do 'preciate your help.
     
  11. 2012/12/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's not a good idea to run a temp files cleaner until we're sure your computer is clean.
     
  12. 2012/12/28
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Rajah that.

    Lost power last nite (transformer got taken out by a tree) so am restarting the scan now. When I fell asleep at 0130-ish it was still looking at temps.

    Gonna be a long morning. Very loooong...


    And afternoon....


    And Evening...
     
    Last edited: 2012/12/28
  13. 2012/12/28
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Ahhh... 14 (+) hours for a scan? And then I'm supposed to do another one right after?
     
  14. 2012/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is MBAR still actually scanning?
     
  15. 2012/12/28
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    If not, it certainly is giving a good impression...

    It's been in C:\documents and settings\administrator\local settings\local settings\temp\*.tmp forever.

    Looks like it's going through

    each

    temp

    file

    one

    at

    a


    (zzzzzzz)....


    I suppose it could be doing a "Keystone Kops" routine and recycling the files thru a scan loop, but I've been keeping an eye on things and there seems to have been a progression of file names right along.


    Right: we're at SSUCB0F.TMP... now at SSUCB7C.TMP... SSUCBC5.TMP...
     
  16. 2012/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, we have no choice but to let it be...
     
  17. 2012/12/28
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    "Whisp'ring words of Wisdom... "
     
  18. 2012/12/28
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    (had a couple...)

    It is now here 2115 and I have been looking at this screen since 0425 this morning. I am to bed and worrying about this tomorrow when it (from MY lips to GOD'S ears!) will have finished scanning.

    Denkschooberrimunch.
     
  19. 2012/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See ya tomorrow :)
     
  20. 2012/12/29
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    Scan finished: No malware found.

    "Congratulations. No cleanup required. "

    I'd like to run a temp cleaner (your choice as to CCleaner or TFC) to get rid of about 1.1GB of .tmp files JUST in C:\documents and settings\administrator\local settings\local settings\temp, then run the rootkit check again. The last scan took between 19 and 22 hrs to run.
     
    Last edited: 2012/12/29
  21. 2012/12/29
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    455
    Likes Received:
    4
    May be a larger problem than I thought: Momma comes down and wants to use her computer. Since it had a "clean bill" from the rootkit scan I saw no reason she shouldn't check out emails... except that IE is not working, along with some other interesting bits.

    Mozilla is just fine, but IE will not load and hangs. Adobe flashplayer has crashed and attempts to re-install fail (hang with white screen). Tried to do a System Restore and THAT hangs with a white screen...

    Stopped there to await your advice on this. Separate problem from the possible malware? Result of some infection?

    Let me know if this needs a new thread in another forum niche.
     
    Last edited: 2012/12/29
