BleepingComputer.com: Fake HDD


Fake HDD

#1 sbutros

Posted 30 November 2011 - 11:43 PM

Hello,

I am running Windows XP. I woke up at around 2am to find that my desktop was blank except for one Firefox icon, and it was see-through like it was set to hidden. I soon realized that every file on my system was hidden and everything in my Start menu was gone, I mean everything. Suddenly I got a million error messages about my hard drive failing. I manually started setting my folders back to visible, then I began running the usual malware scans: ComboFix, Kaspersky TDSSKiller, Malwarebytes, HijackThis and SmitFraudFix. They all found viruses and removed them, but none of my Start menu programs returned. The folders were there but they all said empty, so I went in and put shortcuts, but it is nowhere near what it was before; I am still missing a lot of things. After realizing so much was still not showing up, I came to the forums here and tried everything suggested, from "unhide me" to regedit and registry keys; nothing worked. My System Restore is also not allowing me in; when I access it, it says that "system restore cannot protect your computer..." Even when I go to (control panel) and into (system), the System Restore tab will not let me alter anything; the buttons for Apply and OK can be clicked a million times but it won't take effect. The other tabs in (system) do work. Please someone help. I will also include a current HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:42:57 PM, on 11/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\downloads\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2388 bytes

This post has been edited by Orange Blossom: 01 December 2011 - 02:24 AM
Reason for edit: Moved to log forum. ~ OB


#2 HelpBot

Posted 05 December 2011 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430172 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Elise

Posted 07 December 2011 - 03:19 PM

If you still need help, please post the requested logs.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#4 sbutros

Posted 07 December 2011 - 11:01 PM

Yes I am sorry I have taken so long. I have completed all the steps except the GMER scan which I am doing now. Also, since I last posted, my system restore situation has gotten worse, now it doesn't even come up when I try to access it. The tab for "system restore" in "system" is missing. When I try to run it from "Administrative tools/services" it gives me "could not start system restore service on local computer. Error 1058: has been disabled or no enabled devices associated with it." I will post the log later tonight. Also, I have no Windows CD. Thanks so much.

This post has been edited by sbutros: 07 December 2011 - 11:03 PM


#5 Elise

Posted 08 December 2011 - 03:08 AM

Okay, I'll wait for the logs. If you can't create the GMER log, just post the DDS logs.
regards, Elise

#6 sbutros

Posted 08 December 2011 - 02:55 PM

Hello, here is the DDS log. I could not create the GMER log. About three hours into it my screen went blue and said an error occurred and that it was dumping physical memory and a counter started.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:57:29 on 2011-12-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.96 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: Interfaces\{3B6EC8C0-1FE4-42A2-BB5E-011A4AB64BC4} : NameServer = 8.8.8.8,8.8.4.4
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\czr6x5q8.default\
FF - prefs.js: browser.startup.homepage - hxxp://movies.netflix.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-30 64512]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2009-9-15 37040]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S1 tdklrymk;tdklrymk;\??\c:\windows\system32\drivers\tdklrymk.sys --> c:\windows\system32\drivers\tdklrymk.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-28 16640]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-22 136176]
S4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2008-9-16 352312]
.
=============== Created Last 30 ================
.
2011-12-01 06:00:14 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-01 05:22:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-01 05:13:24 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-01 05:13:03 -------- d-----w- c:\program files\Lavasoft
2011-12-01 03:40:02 872 ----a-w- c:\windows\system32\tmp.reg
2011-11-30 22:09:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 22:09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 12:50:08 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-30 10:23:45 -------- d-----w- C:\ComboFix
2011-11-20 20:14:09 -------- d-----w- C:\tmp
2011-11-16 04:03:29 -------- d-----w- c:\program files\iPod
2011-11-16 04:03:00 -------- d-----w- c:\program files\iTunes
2011-11-13 05:18:31 -------- d-----w- c:\documents and settings\owner\application data\ProgSense
2011-11-13 03:45:18 -------- d-----w- c:\documents and settings\all users\application data\PCPitstop
2011-11-13 03:44:28 -------- d-----w- c:\program files\PCPitstop
2011-11-13 01:02:54 -------- d--h--w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2011-11-15 19:48:48 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 22:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:00:30.87 ===============

#7 Elise

Posted 08 December 2011 - 03:01 PM

As you mentioned you ran Combofix, can you please post me the log at c:\combofix.txt
regards, Elise

#8 Elise

Posted 18 December 2011 - 12:29 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
regards, Elise

#9 Elise

Posted 29 December 2011 - 03:03 AM

This topic has been re-opened at the request of the person who originally posted.
regards, Elise

#10 sbutros

Posted 30 December 2011 - 06:56 PM

The c:\combofix.txt is nowhere to be found. Would you like me to run ComboFix again?

#11 Elise

Posted 31 December 2011 - 03:43 AM

Yes, please run it as indicated below.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

#12 sbutros

Posted 02 January 2012 - 07:39 PM

Hello, it appears I already have the Microsoft Recovery Console installed because it did not prompt me to install it. So far the main problems left are: System Restore gives the error that it is unable to protect my computer, and when I try to update Windows it gives me this error: http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us Even though I followed these steps, it still gives me this same error. I ran ComboFix today, and between steps 38 and 39 it gave me the error Cannot create file "C:\qoobox\Quarantine\registry_backups\tcpip.reg. Access is denied but it continued on to the end, and the log report it generated is below.

ComboFix 12-01-02.02 - Owner 01/02/2012 15:58:41.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.284 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\My Documents\Downloads\PowerPointViewer.exe
c:\documents and settings\Owner\Start Menu\Internet Explorer.lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-02 06:29 . 2012-01-02 06:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-30 08:27 . 2011-12-30 08:27 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 08:27 . 2011-12-30 08:27 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 08:27 . 2011-12-30 08:27 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 08:27 . 2011-12-30 08:27 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-29 23:18 . 2011-12-29 23:18 -------- d-----w- c:\documents and settings\Owner\Application Data\DDMSettings
2011-12-27 06:32 . 2011-12-27 06:32 -------- d-----w- c:\program files\iPod
2011-12-27 06:31 . 2011-12-31 17:22 -------- d-----w- c:\program files\iTunes
2011-12-27 00:04 . 2011-12-27 00:04 515330 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-11-30 22:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 05:22 . 2011-12-01 05:22 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-01 05:22 . 2011-12-01 06:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-30 12:50 . 2011-11-30 12:50 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-15 19:48 . 2011-05-20 23:24 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 20:06 . 2011-12-01 05:13 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-24 22:29 . 2011-10-24 22:29 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ---ha-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26 . 2011-10-20 23:26 94208 ---ha-w- c:\windows\system32\dpl100.dll
2011-10-10 14:22 . 2009-09-15 22:37 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-12-30 08:27 . 2011-05-30 21:06 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-12 5406720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-12 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ---ha-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 09:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 03:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"PavPrSrv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdate"=2 (0x2)
"ose"=3 (0x3)
"RosettaStoneLtdController"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdController.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServer.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/30/2011 9:13 PM 64512]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/1/2009 2:29 PM 47360]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [9/15/2009 7:23 AM 37040]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S1 tdklrymk;tdklrymk;\??\c:\windows\system32\drivers\tdklrymk.sys --> c:\windows\system32\drivers\tdklrymk.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/1/2012 10:29 PM 40776]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [9/28/2009 11:54 AM 16640]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 10:59 PM 136176]
S4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [9/16/2008 10:02 AM 352312]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 20:06]
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\czr6x5q8.default\
FF - prefs.js: browser.startup.homepage - hxxp://movies.netflix.com/
FF - prefs.js: network.proxy.type - 0
.
Supplementary scan did not complete!
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,b7,04,48,46,b4,4d,4b,85,ce,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,b7,04,48,46,b4,4d,4b,85,ce,e1,\
.
Completion time: 2012-01-02 16:28:04
ComboFix-quarantined-files.txt 2011-11-10 21:13
ComboFix2.txt 2011-11-09 03:54
ComboFix3.txt 2011-10-30 00:51
ComboFix4.txt 2011-10-21 23:50
ComboFix5.txt 2011-11-30 10:24
.
Pre-Run: 20,756,824,064 bytes free
Post-Run: 20,912,099,328 bytes free
.
- - End Of File - - 0808640F5060BDBE3C0F4CFC1CF33E2B

#13 User is offline   sbutros 


Posted 02 January 2012 - 07:45 PM

I just realized the link was probably not a good idea if you're not using IE. So I'll cut and paste the error it gives when trying to update windows:

Please change your Internet Explorer security settings
To save changes to your settings for this website, you need to enable userdata persistence for Internet Explorer. Complete the steps below, and then click Change settings to the left and try saving your changes again.
1. In Internet Explorer, on the Tools menu, click Internet Options.
2. Click the Security tab, click the Internet security zone icon, and then click Custom Level.
3. In the Settings dialog box, scroll to the Miscellaneous section.
4. Under Userdata persistence, select Enable.
5. Click OK and when the security warning dialog box appears, click Yes.

I've done this many times; it already is enabled.

#14 User is offline   Elise 

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 39,026
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 03 January 2012 - 06:26 AM

Can you please rerun DDS and post me attach.txt (it will be minimized when the scan is finished).
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#15 User is offline   sbutros 


Posted 03 January 2012 - 02:25 PM

Here is the DDS Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/28/2011 3:05:58 PM
System Uptime: 1/2/2012 7:44:33 PM (16 hours ago)
Processor: Intel® Pentium® M processor 1.73GHz | N/A | 794/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 17.783 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&AD1B67F&0&58F0
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&AD1B67F&0&58F0
Service: w29n51
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&1&0000
Manufacturer: (Standard CD-ROM drives)
Name: MagicISO Virtual DVD-ROM0000
PNP Device ID: SCSI\CDROM&VEN_MAGICISO&PROD_VIRTUAL_DVD-ROM&REV_1.0A\1&2AFD7D61&1&0000
Service: cdrom
.
==== System Restore Points ===================
.
RP109: 9/1/2011 9:03:53 AM - System Checkpoint
RP110: 9/1/2011 6:13:36 PM - Installed Rosetta Stone Version 3
RP111: 9/1/2011 6:14:45 PM - Installed Rosetta Stone Ltd Services
RP112: 9/2/2011 8:11:17 PM - System Checkpoint
RP113: 9/3/2011 8:20:16 PM - System Checkpoint
RP114: 9/4/2011 11:23:25 PM - System Checkpoint
RP115: 9/6/2011 9:39:11 AM - System Checkpoint
RP116: 9/7/2011 5:02:33 PM - Software Distribution Service 3.0
RP117: 9/8/2011 5:48:29 PM - System Checkpoint
RP118: 9/10/2011 12:37:21 AM - System Checkpoint
RP119: 9/11/2011 1:56:49 AM - System Checkpoint
RP120: 9/12/2011 5:52:44 PM - Installed Microsoft Web Platform Installer 3.0
RP121: 9/12/2011 5:55:49 PM - Removed Microsoft Web Platform Installer 3.0
RP122: 9/12/2011 5:56:29 PM - Removed Google Talk Plugin
RP123: 9/13/2011 2:56:44 PM - Software Distribution Service 3.0
RP124: 9/15/2011 3:34:31 AM - System Checkpoint
RP125: 9/16/2011 10:18:10 AM - System Checkpoint
RP126: 9/17/2011 10:30:39 PM - System Checkpoint
RP127: 9/19/2011 1:18:13 AM - System Checkpoint
RP128: 9/21/2011 6:07:13 PM - System Checkpoint
RP129: 9/22/2011 6:54:17 PM - System Checkpoint
RP130: 9/23/2011 9:36:03 PM - System Checkpoint
RP131: 9/24/2011 10:19:09 PM - System Checkpoint
RP132: 9/26/2011 1:00:20 AM - System Checkpoint
RP133: 9/27/2011 10:21:35 AM - System Checkpoint
RP134: 9/28/2011 5:47:12 PM - Software Distribution Service 3.0
RP135: 9/29/2011 11:43:32 PM - System Checkpoint
RP136: 9/30/2011 11:57:57 PM - System Checkpoint
RP137: 10/1/2011 9:05:04 AM - Removed HiJackThis
RP138: 10/1/2011 9:08:31 AM - Installed HiJackThis
RP139: 10/1/2011 9:09:40 AM - Installed HiJackThis
RP140: 10/3/2011 1:41:25 AM - System Checkpoint
RP141: 10/4/2011 2:32:29 AM - System Checkpoint
RP142: 10/4/2011 6:58:12 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP143: 10/5/2011 10:08:59 PM - System Checkpoint
RP144: 10/6/2011 11:22:36 PM - System Checkpoint
RP145: 10/8/2011 3:27:52 AM - System Checkpoint
RP146: 10/9/2011 3:55:22 AM - System Checkpoint
RP147: 10/11/2011 10:40:44 PM - System Checkpoint
RP148: 10/12/2011 6:29:52 PM - Software Distribution Service 3.0
RP149: 10/13/2011 11:58:08 PM - System Checkpoint
RP150: 10/15/2011 4:57:06 AM - System Checkpoint
RP151: 10/16/2011 8:47:07 AM - System Checkpoint
RP152: 10/17/2011 4:01:14 PM - System Checkpoint
RP153: 10/18/2011 6:18:42 PM - System Checkpoint
RP154: 10/19/2011 10:26:40 PM - System Checkpoint
RP155: 10/20/2011 11:03:09 PM - System Checkpoint
RP156: 10/22/2011 7:58:54 AM - System Checkpoint
RP157: 10/23/2011 7:54:26 PM - System Checkpoint
RP158: 10/25/2011 12:14:49 AM - System Checkpoint
RP159: 10/26/2011 1:10:07 AM - System Checkpoint
RP160: 10/27/2011 1:43:16 AM - System Checkpoint
RP161: 10/27/2011 5:49:05 AM - Software Distribution Service 3.0
RP162: 10/27/2011 4:58:58 PM - Software Distribution Service 3.0
RP163: 10/28/2011 3:00:44 AM - Software Distribution Service 3.0
RP164: 10/29/2011 11:23:23 AM - System Checkpoint
RP165: 10/30/2011 12:08:38 PM - System Checkpoint
RP166: 11/1/2011 1:07:55 AM - System Checkpoint
RP167: 11/2/2011 8:25:16 PM - System Checkpoint
RP168: 11/3/2011 11:54:53 PM - System Checkpoint
RP169: 11/5/2011 12:01:29 AM - System Checkpoint
RP170: 11/6/2011 2:36:48 AM - System Checkpoint
RP171: 11/7/2011 3:59:11 PM - System Checkpoint
RP172: 11/8/2011 5:22:30 PM - System Checkpoint
RP173: 11/9/2011 5:33:37 PM - System Checkpoint
RP174: 11/10/2011 3:00:23 AM - Software Distribution Service 3.0
RP175: 11/10/2011 3:03:10 PM - Software Distribution Service 3.0
RP176: 11/12/2011 5:58:59 AM - System Checkpoint
RP177: 11/13/2011 6:09:52 AM - System Checkpoint
RP178: 11/14/2011 3:31:49 PM - System Checkpoint
RP179: 11/16/2011 12:30:53 AM - System Checkpoint
RP180: 11/17/2011 1:25:10 AM - System Checkpoint
RP181: 11/18/2011 1:29:35 AM - System Checkpoint
RP182: 11/19/2011 12:05:08 PM - System Checkpoint
RP183: 11/21/2011 12:10:00 AM - System Checkpoint
RP184: 11/22/2011 12:23:17 AM - System Checkpoint
RP185: 11/23/2011 12:55:02 AM - System Checkpoint
RP186: 11/24/2011 1:18:42 AM - System Checkpoint
RP187: 11/28/2011 11:52:49 PM - System Checkpoint
RP188: 11/29/2011 11:57:45 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CDBurnerXP
CloneDVD 4.1.0.23
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD43 v4.6.0
dvdSanta 4.50
Google Update Helper
H.264 Decoder
Handbrake 0.9.4
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
iPhone Configuration Utility
iTunes
Java™ 6 Update 16
K-Lite Codec Pack 4.9.5 (Basic)
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.1
Orbit Downloader
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone Ltd Services
Rosetta Stone Version 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sony Utilities DLL
swMSM
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 12:09:46 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/31/2011 12:09:40 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/30/2011 1:18:28 AM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 00014A837840 has been denied by the DHCP server 76.85.238.52 (The DHCP Server sent a DHCPNACK message).
12/27/2011 9:30:44 AM, error: Dhcp [1002] - The IP address lease 76.167.231.203 for the Network Card with network address 00014A837840 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/27/2011 7:32:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ShldDrv
12/27/2011 7:32:11 PM, error: Service Control Manager [7000] - The Panda Process Protection Driver service failed to start due to the following error: The system cannot find the file specified.
12/27/2011 7:31:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/27/2011 5:29:46 PM, error: System Error [1003] - Error code 000000ca, parameter1 00000002, parameter2 81eff290, parameter3 00000000, parameter4 00000000.
1/2/2012 9:49:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/2/2012 4:18:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/2/2012 4:03:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/2/2012 10:17:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2012 10:05:54 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
